Full Disclosure mailing list archives

Re: MS-02-052

From: jouko () solutions fi (Jouko Pynnonen)
Date: Fri, 20 Sep 2002 01:20:11 +0300 (EEST)


On 19 Sep 2002 dev-null () no-id com wrote:

Does anybody else find it disturbing that today's JVM patch can only be 
installed through Windows Update, and the Windows Update site now



What's perhaps more disturbing is that most of the reported JVM 
vulnerabilities weren't fixed yet and an Applet can still execute 
arbitrary code by exploiting the remaining ones. So even with the patch, 
enabling MS's Java for IE and the Internet Zone isn't a good idea right 
now.



-- 
Jouko Pynnonen          Online Solutions Ltd      Secure your Linux -
jouko () solutions fi      http://www.solutions.fi   http://www.secmod.com

Current thread:

Re: MS-02-052 full-disclosure () lists netsys com (Sep 19)
- Re: MS-02-052 Nick FitzGerald (Sep 19)
- Re: MS-02-052 Jouko Pynnonen (Sep 19)
  - Re: MS-02-052 Steve (Sep 20)
    - Re: MS-02-052 Nexus (Sep 20)
    - Re: MS-02-052 Steve (Sep 20)
    - Re: MS-02-052 Nexus (Sep 20)
- <Possible follow-ups>
- Re: MS-02-052 naked_turkey () hushmail com (Sep 20)
- Re: MS-02-052 gobbles () hush com (Sep 20)
- Re: MS-02-052 John (Sep 20)
- Re: MS-02-052 phc () hush com (Sep 20)
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 20)
- Re: MS-02-052 Moyer, Shawn (Sep 20)

(Thread continues...)