Re: `Microsoft VM for Java' allows reading local files using

From: TAKAGI, Hiromitsu (takagiat_private)
Date: Thu Feb 24 2000 - 15:40:20 PST

Next message: Christophe GRENIER: "Scorpion Marlin"

Previous message: J.A. Gutierrez: "Re: Sambar Server alert! (2)"
Maybe in reply to: TAKAGI, Hiromitsu: "`Microsoft VM for Java' allows reading local files using"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 1 Feb 2000 10:49:54 +0900, I wrote:
> Microsoft JVM allows reading local files using getSystemResourceAsStream.
> For a detailed description, please see the following article.
> http://java-house.etl.go.jp/ml/archive/j-h-b/030376.html (in Japanese)
> http://java-house.etl.go.jp/ml/archive/j-h-b/030411.html (in English)

We have released a new note which includes additional information to the
previous warning.
http://java-house.etl.go.jp/ml/archive/j-h-b/031072.html (in Japanese)
http://java-house.etl.go.jp/ml/archive/j-h-b/031178.html (in English)

There are three new issues:
  1.  Windows2000 is also affected
  2.  IE5 has additional hole for "Existence Attack" over whole C:\
  3.  Patch available from Microsoft with inappropriate description
      of the vulnerability


Thank you.
--
Hiromitsu Takagi
http://www.etl.go.jp/~takagi/

Next message: Christophe GRENIER: "Scorpion Marlin"
Previous message: J.A. Gutierrez: "Re: Sambar Server alert! (2)"
Maybe in reply to: TAKAGI, Hiromitsu: "`Microsoft VM for Java' allows reading local files using"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:09 PDT