[14029] in bugtraq


Re: `Microsoft VM for Java' allows reading local files using

daemon@ATHENA.MIT.EDU (TAKAGI, Hiromitsu)
Fri Feb 25 19:09:07 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id:  <38B5C164168.DD3CTAKAGI@java-house.etl.go.jp>
Date:         Fri, 25 Feb 2000 08:40:20 +0900
Reply-To: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
From: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <38963BC2122.9A8DTAKAGI@java-house.etl.go.jp>

On Tue, 1 Feb 2000 10:49:54 +0900, I wrote:
> Microsoft JVM allows reading local files using getSystemResourceAsStream.
> For a detailed description, please see the following article.
> http://java-house.etl.go.jp/ml/archive/j-h-b/030376.html (in Japanese)
> http://java-house.etl.go.jp/ml/archive/j-h-b/030411.html (in English)

We have released a new note which includes additional information to the
previous warning.
http://java-house.etl.go.jp/ml/archive/j-h-b/031072.html (in Japanese)
http://java-house.etl.go.jp/ml/archive/j-h-b/031178.html (in English)

There are three new issues:
  1.  Windows2000 is also affected
  2.  IE5 has additional hole for "Existence Attack" over whole C:\
  3.  Patch available from Microsoft with inappropriate description
      of the vulnerability


Thank you.
--
Hiromitsu Takagi
http://www.etl.go.jp/~takagi/
