Bugtraq mailing list archives
Re: Vulnerabilities in Microsoft's Java implementation
From: Mike Duncan <security () randomtask net>
Date: 11 Sep 2002 15:47:25 -0400
AFAIK, because of the Microsoft vs. Sun dispute over Java rights, the Microsoft VM only complies with Java 1.2 or maybe even lower. So as a standard of mine, and because I can use the OBJECT tag to automagically upgrade a client (depending on network conditions), I always have clients upgrade to the Sun implementation. This allows me to cut down the JAR/CAB file sizes (because I no longer have to include things like SWING) and also it allows me to take full advantage of the Java 1.4. I would suggest that anyone wanting to migrate take a look at http://java.sun.com for more information (especially look at the plugin documentation as it will make life a lot easier). Mike Duncan security () randomtask net http://www.randomtask.net On Wed, 2002-09-11 at 00:30, Damon McMahon wrote:
In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000 () lissu solutions fi> Since Sun's implementation of the JVM is not vulnerable AFAYK, would installing Sun's Java VM and then configuring it to handle Java applets in IE be an acceptable workaround?WORKAROUNDS =========== Microsoft was first contacted in July 2002 and startedtheirinvestigation of potential Java vulnerabilities. Moreof them were foundduring August and reported to the vendor. Microsofthas acknowledged mostof the vulnerabilities and is currently working on apatch to correctthem. To protect themselves, Internet Explorer and Outlook(Express) users candisable Java Applets until the patch is released. Thiscan be done inInternet Options -> Security -> Internet -> CustomLevel -> MicrosoftVM, select "Disable Java". If you want to use an Applet on a certain web site youtrust, you can addthe site to the Trusted Sites zone and enable Appletsin that zone.
Current thread:
- Vulnerabilities in Microsoft's Java implementation Jouko Pynnonen (Sep 09)
- <Possible follow-ups>
- Re: Vulnerabilities in Microsoft's Java implementation Damon McMahon (Sep 11)
- Re: Vulnerabilities in Microsoft's Java implementation Gwendal Stevanazzi (Sep 11)
- Re: Vulnerabilities in Microsoft's Java implementation Mike Duncan (Sep 11)