Re: Vulnerabilities in Microsoft's Java implementation

[Gwendal Stevanazzi <stevanazzi () aleks com>]

On 11 Sep 2002, Damon McMahon wrote:

> In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000 () lissu solutions fi>
>
> Since Sun's implementation of the JVM is not vulnerable
> AFAYK, would installing Sun's Java VM and then
> configuring it to handle Java applets in IE be an
> acceptable workaround?

I'm not sure about that since you can force the use of the microsoft jvm
with the <object> tag :
<object classid="java:myClass.class" codetype="application/java" width=3 height=3 MAYSCRIPT="MAYSCRIPT"  >





> > WORKAROUNDS
> > ===========
> >
> > Microsoft was first contacted in July 2002 and started
> their
> > investigation of potential Java vulnerabilities. More
> of them were found
> > during August and reported to the vendor. Microsoft
> has acknowledged most
> > of the vulnerabilities and is currently working on a
> patch to correct
> > them.
> >
> > To protect themselves, Internet Explorer and Outlook
> (Express) users can
> > disable Java Applets until the patch is released. This
> can be done in
> > Internet Options -> Security -> Internet -> Custom
> Level -> Microsoft
> > VM, select "Disable Java".
> >
> > If you want to use an Applet on a certain web site you
> trust, you can add
> > the site to the Trusted Sites zone and enable Applets
> in that zone.
> >