Re: Vulnerabilities in Microsoft's Java implementation

From: Mike Duncan (security@randomtask.net)
Date: 09/11/02

• Previous message: Auriemma Luigi: "Some unpatched vulnerabilities fixed"
• In reply to: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Mike Duncan <security@randomtask.net>
To: Damon McMahon <inst_karma@hotmail.com>
Date: 11 Sep 2002 15:47:25 -0400

AFAIK, because of the Microsoft vs. Sun dispute over Java rights, the
Microsoft VM only complies with Java 1.2 or maybe even lower. So as a
standard of mine, and because I can use the OBJECT tag to automagically
upgrade a client (depending on network conditions), I always have
clients upgrade to the Sun implementation. This allows me to cut down
the JAR/CAB file sizes (because I no longer have to include things like
SWING) and also it allows me to take full advantage of the Java 1.4. I
would suggest that anyone wanting to migrate take a look at
http://java.sun.com for more information (especially look at the plugin
documentation as it will make life a lot easier).

Mike Duncan
security@randomtask.net
http://www.randomtask.net

On Wed, 2002-09-11 at 00:30, Damon McMahon wrote:
> In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000@lissu.solutions.fi>
>
> Since Sun's implementation of the JVM is not vulnerable
> AFAYK, would installing Sun's Java VM and then
> configuring it to handle Java applets in IE be an
> acceptable workaround?
>
> >
> >
> >WORKAROUNDS
> >===========
> >
> >Microsoft was first contacted in July 2002 and started
> their
> >investigation of potential Java vulnerabilities. More
> of them were found
> >during August and reported to the vendor. Microsoft
> has acknowledged most
> >of the vulnerabilities and is currently working on a
> patch to correct
> >them.
> >
> >To protect themselves, Internet Explorer and Outlook
> (Express) users can
> >disable Java Applets until the patch is released. This
> can be done in
> >Internet Options -> Security -> Internet -> Custom
> Level -> Microsoft
> >VM, select "Disable Java".
> >
> >If you want to use an Applet on a certain web site you
> trust, you can add
> >the site to the Trusted Sites zone and enable Applets
> in that zone.
> >
> >

---

• Previous message: Auriemma Luigi: "Some unpatched vulnerabilities fixed"
• In reply to: Damon McMahon: "Re: Vulnerabilities in Microsoft's Java implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: porting from C++Builder ... the java was growing and, obviously, microsoft initially tried to ... that crowds of developers would rather stay and develop windows applications. ... (microsoft.public.dotnet.languages.vc) Re: porting from C++Builder ... that's correct and there is a very strong reason for taking this ... the java was growing and, obviously, microsoft initially tried to ... that crowds of developers would rather stay and develop windows applications. ... (microsoft.public.dotnet.languages.vc) Re: Microsoft Java almost gone in Vista ... Internet Explorer 7 and the Sun JVM also installed, ... one can un-select Sun Java and the Microsoft VM works a bit. ... (comp.lang.java.programmer) java virtual machine ... Transitioning from the Microsoft Java Virtual Machine ... support the Microsoft® Java Virtual Machine (MSJVM). ... The transition and migration options Microsoft offers ... (microsoft.public.windowsxp.security_admin) RE: Find your solutions with real Free eBOOKS! ... Early Achiever Microsoft Certified Solution Developer for Microsoft.net ... > Core Java 2, Volume II: ... > The C++ Programming Language ... A Practical Guide using UML ... (microsoft.public.dotnet.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)