Bugtraq mailing list archives
Re: [Full-disclosure] SEC-CONSULT SA-20050629-0
From: Moritz Naumann <info () moritz-naumann com>
Date: Thu, 30 Jun 2005 19:16:44 +0200
vulnerable versions: --------------- javaprxy.dll 5.00.3810 internet explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519 these are the versions tested, other versions may of course be vulnerable.
This is quite interesting. javaprxy.dll, aka 'Interface Proxy for Java' is/was part of the Virtual Machine for Java which M$ may no longer distribute. Its version number indicates that it was initially made for IE 5.x. You can download an archived distribution of the Virtual Machine for Internet Explorer at http://web.archive.org/web/20020201205255/http://www.microsoft.com/java/vm/dl_vm40.htm The file itself is here: http://web.archive.org/web/20020201205255/http://download.microsoft.com/download/vm/Install/3802/W9X2KMe/EN-US/msjavx86.exe This package, entitled "Microsoft VM build 3802 for Windows 95/98, Windows Me, Windows NT 4.0 and Windows XP", will, once extracted to the TEMP folder, reveal the "javaprxy.dll" file, version 5.00.3802. I don't know much about the contract M$ and Sun have, but it seems to me like M$ forgot to remove this file off the hard disks of people who have upgraded their I8N'd versions of Internet Explorer from v5.x to 6.x (or just v6 SP 0/1 to v6 SP 1/2). Just my five cents, Moritz
Current thread:
- SEC-CONSULT SA-20050629-0 Bernhard Mueller (Jun 29)
- Re: [Full-disclosure] SEC-CONSULT SA-20050629-0 Moritz Naumann (Jun 30)