Microsoft's Java Implementation Is Full of Security Holes

Discussion in 'other security issues & news' started by Prince_Serendip, Sep 14, 2002.

Thread Status:
Not open for further replies.
  1. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Surprise: Microsoft's Java Implementation Is Full of Security Holes

    Jouko Pynnönen of Online Solutions in Finland discovered a series of severe security vulnerabilities in Microsoft's Java implementation. Some of the vulnerabilities let attackers run arbitrary code through Microsoft Internet Explorer (IE) and Outlook Express. According to a message posted to the NTBugTraq mailing list on September 9, Pynnönen discovered and reported to Microsoft as many as 10 such vulnerabilities during July and August.

    Pynnönen said, "Some of these [vulnerabilities] allow file access on [users' systems], some allow access to other resources, and some allow delivery and execution of arbitrary program code on the victim system. These attacks can be carried out when a Web page or mail message containing a hostile [Java] applet is viewed with Internet Explorer or Outlook. In this case the applet [can] upload any program code and start it. The code can [perform] any operations the user can [perform, such as] read or modify files, install or remove programs, etc."

    Read More.....

    Note: SunMicro Java Plugins are okay!
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    And M$ still is forging ahead with Passport and dot net.
    Can you just imagine the security surprises that await us there? :mad:
     
Loading...
Thread Status:
Not open for further replies.