Prince_Serendip
September 14th, 2002, 08:30 AM
Surprise: Microsoft's Java Implementation Is Full of Security Holes
Jouko Pynnönen of Online Solutions in Finland discovered a series of severe security vulnerabilities (http://www.winnetmag.com/FindIT/Index.cfm?ID=36) in Microsoft's Java implementation. Some of the vulnerabilities let attackers run arbitrary code through Microsoft Internet Explorer (IE) and Outlook Express (http://www.winnetmag.com/FindIT/Index.cfm?ID=22). According to a message posted to the NTBugTraq mailing list on September 9, Pynnönen discovered and reported to Microsoft as many as 10 such vulnerabilities during July and August.
Pynnönen said, "Some of these [vulnerabilities] allow file access on [users' systems], some allow access to other resources, and some allow delivery and execution of arbitrary program code on the victim system. These attacks can be carried out when a Web page or mail message containing a hostile [Java] applet is viewed with Internet Explorer or Outlook. In this case the applet [can] upload any program code and start it. The code can [perform] any operations the user can [perform, such as] read or modify files, install or remove programs, etc."
Read More..... (http://www.wininformant.com/Articles/Index.cfm?ArticleID=26623)
Note: SunMicro Java Plugins are okay!