Re: Vulnerabilities in Microsoft's Java implementation

From: Gwendal Stevanazzi (stevanazzi@aleks.com)
Date: 09/11/02

• Previous message: Berend-Jan Wever: "Norton AntiVirus 2001 POP3 Proxy local DoS"
• In reply to: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"
• Next in thread: Mike Duncan: "Re: Vulnerabilities in Microsoft's Java implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 11 Sep 2002 09:35:24 -0700 (PDT)
From: Gwendal Stevanazzi <stevanazzi@aleks.com>
To: Damon McMahon <inst_karma@hotmail.com>

On 11 Sep 2002, Damon McMahon wrote:

> In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000@lissu.solutions.fi>
>
> Since Sun's implementation of the JVM is not vulnerable
> AFAYK, would installing Sun's Java VM and then
> configuring it to handle Java applets in IE be an
> acceptable workaround?

I'm not sure about that since you can force the use of the microsoft jvm
with the <object> tag :
<object classid="java:myClass.class" codetype="application/java" width=3 height=3 MAYSCRIPT="MAYSCRIPT" >

>
> >
> >
> >WORKAROUNDS
> >===========
> >
> >Microsoft was first contacted in July 2002 and started
> their
> >investigation of potential Java vulnerabilities. More
> of them were found
> >during August and reported to the vendor. Microsoft
> has acknowledged most
> >of the vulnerabilities and is currently working on a
> patch to correct
> >them.
> >
> >To protect themselves, Internet Explorer and Outlook
> (Express) users can
> >disable Java Applets until the patch is released. This
> can be done in
> >Internet Options -> Security -> Internet -> Custom
> Level -> Microsoft
> >VM, select "Disable Java".
> >
> >If you want to use an Applet on a certain web site you
> trust, you can add
> >the site to the Trusted Sites zone and enable Applets
> in that zone.
> >
> >
>

---

• Previous message: Berend-Jan Wever: "Norton AntiVirus 2001 POP3 Proxy local DoS"
• In reply to: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"
• Next in thread: Mike Duncan: "Re: Vulnerabilities in Microsoft's Java implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Vulnerabilities in Microsofts Java implementation ... AFAIK, because of the Microsoft vs. Sun dispute over Java rights, the ... Microsoft VM only complies with Java 1.2 or maybe even lower. ... >>disable Java Applets until the patch is released. ... (Bugtraq) Re: googlems.dll ... then also i use Sun Java instead of microsoft ... >these vulnerabilities at that reference. ... (microsoft.public.security.virus) Re: fphover.class in IE7 ... Most Windows XP and IE 6 and up users do not have the ability to run Java applets (FP hover buttons, ... etc.) since Microsoft now longer provide a Java Virtual Machine. ... testing IE7 and that is the one thing that did not work. ... (microsoft.public.frontpage.programming) Re: Java problem - What setting do I need to change? ... Microsoft VM options in Internet Options. ... programs) which may be blocking Java applets. ... Have you reinstalled Java or looked for an update? ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: Vulnerabilities in Microsofts Java implementation ... would installing Sun's Java VM and then ... >Microsoft was first contacted in July 2002 and started ... >investigation of potential Java vulnerabilities. ... >disable Java Applets until the patch is released. ... (Bugtraq)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)