Full Disclosure mailing list archives
Re: MS-02-052
From: jouko () solutions fi (Jouko Pynnonen)
Date: Fri, 20 Sep 2002 01:20:11 +0300 (EEST)
On 19 Sep 2002 dev-null () no-id com wrote:
Does anybody else find it disturbing that today's JVM patch can only be installed through Windows Update, and the Windows Update site now
What's perhaps more disturbing is that most of the reported JVM vulnerabilities weren't fixed yet and an Applet can still execute arbitrary code by exploiting the remaining ones. So even with the patch, enabling MS's Java for IE and the Internet Zone isn't a good idea right now. -- Jouko Pynnonen Online Solutions Ltd Secure your Linux - jouko () solutions fi http://www.solutions.fi http://www.secmod.com
Current thread:
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 19)
- Re: MS-02-052 Nick FitzGerald (Sep 19)
- Re: MS-02-052 Jouko Pynnonen (Sep 19)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- <Possible follow-ups>
- Re: MS-02-052 naked_turkey () hushmail com (Sep 20)
- Re: MS-02-052 gobbles () hush com (Sep 20)
- Re: MS-02-052 John (Sep 20)
- Re: MS-02-052 phc () hush com (Sep 20)
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 20)
- Re: MS-02-052 Moyer, Shawn (Sep 20)