[Full-Disclosure] Re: MS-02-052

• Previous message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."
• Next in thread: Steve: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: Steve: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: gobblesat_private: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: phcat_private: "Re: [Full-Disclosure] Re: MS-02-052"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19 Sep 2002 dev-null@no-id.com wrote:

> Does anybody else find it disturbing that today's JVM patch can only be 
> installed through Windows Update, and the Windows Update site now 


What's perhaps more disturbing is that most of the reported JVM 
vulnerabilities weren't fixed yet and an Applet can still execute 
arbitrary code by exploiting the remaining ones. So even with the patch, 
enabling MS's Java for IE and the Internet Zone isn't a good idea right 
now.



-- 
Jouko Pynnonen          Online Solutions Ltd      Secure your Linux -
joukoat_private      http://www.solutions.fi   http://www.secmod.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Next message: secureat_private: "[CLA-2002:524] Conectiva Linux Security Announcement - postgresql"
• Previous message: Steven M. Christey: "Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3."
• Next in thread: Steve: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: Steve: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: gobblesat_private: "Re: [Full-Disclosure] Re: MS-02-052"
• Reply: phcat_private: "Re: [Full-Disclosure] Re: MS-02-052"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 19 2002 - 15:47:59 PDT