Enableing java logging in MSIE is dangerous

From: Jelmer (jelmerat_private)
Date: Sat Aug 17 2002 - 11:30:40 PDT

Next message: Jelmer: "RETRY : newly released winamp 3 fails to address serious "execution of arbitrary" code issue when combined with MSIE6"

Previous message: Jelmer: "Internet explorer can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a feature  in the microsoft virtual machine shipped with
internet explorer called java logging (tools > internet options advanced)
what this basicly does is write java

System.out.println() ,  System.err.println etc output to a known
location on the users harddisk namely

%WINDIR%\java\javalog.txt

Those who have been following HTTP-EQUIV's discovery will realise that
this is extremely dangerous, as it will allow execution of arbitrary
code
However since this feature is disabled by default it can be considered
to be very low risk

--
  jelmer

Next message: Jelmer: "RETRY : newly released winamp 3 fails to address serious "execution of arbitrary" code issue when combined with MSIE6"
Previous message: Jelmer: "Internet explorer can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 17 2002 - 11:54:26 PDT