[26992] in bugtraq
Re: Vulnerabilities in Microsoft's Java implementation
daemon@ATHENA.MIT.EDU (Damon McMahon)
Wed Sep 11 15:32:35 2002
Date: 11 Sep 2002 04:30:10 -0000
Message-ID: <20020911043010.29724.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Damon McMahon <inst_karma@hotmail.com>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.33.0209091507490.19081-100000@lissu.solutions.fi>
Since Sun's implementation of the JVM is not vulnerable
AFAYK, would installing Sun's Java VM and then
configuring it to handle Java applets in IE be an
acceptable workaround?
>
>
>WORKAROUNDS
>===========
>
>Microsoft was first contacted in July 2002 and started
their
>investigation of potential Java vulnerabilities. More
of them were found
>during August and reported to the vendor. Microsoft
has acknowledged most
>of the vulnerabilities and is currently working on a
patch to correct
>them.
>
>To protect themselves, Internet Explorer and Outlook
(Express) users can
>disable Java Applets until the patch is released. This
can be done in
>Internet Options -> Security -> Internet -> Custom
Level -> Microsoft
>VM, select "Disable Java".
>
>If you want to use an Applet on a certain web site you
trust, you can add
>the site to the Trusted Sites zone and enable Applets
in that zone.
>
>
