Bugtraq mailing list archives
Re: `Microsoft VM for Java' allows reading local files using `getSystemResourceAsStream'.
From: takagi () ETL GO JP (TAKAGI, Hiromitsu)
Date: Fri, 25 Feb 2000 08:40:20 +0900
On Tue, 1 Feb 2000 10:49:54 +0900, I wrote:
Microsoft JVM allows reading local files using getSystemResourceAsStream. For a detailed description, please see the following article. http://java-house.etl.go.jp/ml/archive/j-h-b/030376.html (in Japanese) http://java-house.etl.go.jp/ml/archive/j-h-b/030411.html (in English)
We have released a new note which includes additional information to the previous warning. http://java-house.etl.go.jp/ml/archive/j-h-b/031072.html (in Japanese) http://java-house.etl.go.jp/ml/archive/j-h-b/031178.html (in English) There are three new issues: 1. Windows2000 is also affected 2. IE5 has additional hole for "Existence Attack" over whole C:\ 3. Patch available from Microsoft with inappropriate description of the vulnerability Thank you. -- Hiromitsu Takagi http://www.etl.go.jp/~takagi/
Current thread:
- `Microsoft VM for Java' allows reading local files using `getSystemResourceAsStream'. TAKAGI, Hiromitsu (Jan 31)
- Re: `Microsoft VM for Java' allows reading local files using `getSystemResourceAsStream'. Ari Gordon-Schlosberg (Feb 01)
- Re: `Microsoft VM for Java' allows reading local files using `getSystemResourceAsStream'. TAKAGI, Hiromitsu (Feb 24)