Bugtraq mailing list archives
Re: Vulnerabilities in Microsoft's Java implementation
From: Gwendal Stevanazzi <stevanazzi () aleks com>
Date: Wed, 11 Sep 2002 09:35:24 -0700 (PDT)
On 11 Sep 2002, Damon McMahon wrote:
In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000 () lissu solutions fi> Since Sun's implementation of the JVM is not vulnerable AFAYK, would installing Sun's Java VM and then configuring it to handle Java applets in IE be an acceptable workaround?
I'm not sure about that since you can force the use of the microsoft jvm with the <object> tag : <object classid="java:myClass.class" codetype="application/java" width=3 height=3 MAYSCRIPT="MAYSCRIPT" >
WORKAROUNDS =========== Microsoft was first contacted in July 2002 and startedtheirinvestigation of potential Java vulnerabilities. Moreof them were foundduring August and reported to the vendor. Microsofthas acknowledged mostof the vulnerabilities and is currently working on apatch to correctthem. To protect themselves, Internet Explorer and Outlook(Express) users candisable Java Applets until the patch is released. Thiscan be done inInternet Options -> Security -> Internet -> CustomLevel -> MicrosoftVM, select "Disable Java". If you want to use an Applet on a certain web site youtrust, you can addthe site to the Trusted Sites zone and enable Appletsin that zone.
Current thread:
- Vulnerabilities in Microsoft's Java implementation Jouko Pynnonen (Sep 09)
- <Possible follow-ups>
- Re: Vulnerabilities in Microsoft's Java implementation Damon McMahon (Sep 11)
- Re: Vulnerabilities in Microsoft's Java implementation Gwendal Stevanazzi (Sep 11)
- Re: Vulnerabilities in Microsoft's Java implementation Mike Duncan (Sep 11)