On Tue, 1 Feb 2000 10:49:54 +0900, I wrote: > Microsoft JVM allows reading local files using getSystemResourceAsStream. > For a detailed description, please see the following article. > http://java-house.etl.go.jp/ml/archive/j-h-b/030376.html (in Japanese) > http://java-house.etl.go.jp/ml/archive/j-h-b/030411.html (in English) We have released a new note which includes additional information to the previous warning. http://java-house.etl.go.jp/ml/archive/j-h-b/031072.html (in Japanese) http://java-house.etl.go.jp/ml/archive/j-h-b/031178.html (in English) There are three new issues: 1. Windows2000 is also affected 2. IE5 has additional hole for "Existence Attack" over whole C:\ 3. Patch available from Microsoft with inappropriate description of the vulnerability Thank you. -- Hiromitsu Takagi http://www.etl.go.jp/~takagi/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:09 PDT