Network Security: Detailed info on Re: Sun Java Plugin arbitrary package access vulnerability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Sun Java Plugin arbitrary package access vulnerability

from [Peter Greenwood] Network Security

[Permanent Link]

Subject:	Re: Sun Java Plugin arbitrary package access vulnerability
Date:	Thu, 25 Nov 2004 18:02:42 +0000

On Thu, 2004-11-25 at 05:00, Ken S wrote:

For browsing to unknown
sites, it would appear that there is no need to uninstall the older
versions, unless there is a way for the javascript code to call a
lower version of the JRE.   Hopefully, that's not possible.


Unfortunately it probably is; see
http://java.sun.com/products/plugin/versions.html#answers

In fact it may be possible to cause the download of a vulnerable
version, in some cases.
-- 
Peter Greenwood <peterg@reel.demon.co.uk>

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Sun Java Plugin arbitrary package access vulnerability, Jouko Pynnonen Re: Sun Java Plugin arbitrary package access vulnerability, Ken S [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Alla Bezroutchko Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Exchange [Full-Disclosure] Rumours about Opera, Marc Schoenefeld Re: Sun Java Plugin arbitrary package access vulnerability, Ken S Re: Sun Java Plugin arbitrary package access vulnerability, Peter Greenwood <=

Previous by Date:	EZshopper is still vulnerable against Directory Traversal., Zero_X www.lobnan.de Team
Next by Date:	[Full-Disclosure] Re: To anybody who's offended by my disclosure policy, Gadi Evron
Previous by Thread:	Re: Sun Java Plugin arbitrary package access vulnerability, Ken S
Next by Thread:	[CLA-2004:894] Conectiva Security Announcement - shadow-utils, Conectiva Updates
Indexes:	[Date] [Thread] [Top] [All Lists]