nsane.forums Posted April 9, 2010 Share Posted April 9, 2010 The flaw occurs because the Java-Plugin Browser is running "javaws.exe" without validating command-line parameters. View: Original Article Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 10, 2010 Administrator Share Posted April 10, 2010 Java flaw exposes Windows users to attacks A vulnerability in Java technology could be exploited by attackers and used to compromise computers running Windows if they visit a Web page hosting malicious code, two researchers warned on Friday. Google engineer Tavis Ormandy released details on the Full Disclosure e-mail list and Ruben Santamarta, an engineer for Wintercore, wrote about it on his company's blog site. The problem is with the Java Web Start framework, which allows developers an easy way to create Java applications. Disabling the Java plug-in will not protect against an attack, according to Ormandy. "The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws [Java Web Start] utility, which provides enough functionality via command line arguments to allow this error to be exploited," Ormandy wrote. "The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor." The vulnerability affects all current versions of Windows and the major browsers including Firefox, Internet Explorer and Chrome, according to Kaspersky Lab's Threat Post blog. Ormandy said he informed Sun about the problem but was told it was not considered high enough priority to issue a patch outside of the regular quarterly patch cycle. Representatives at Oracle, which recently acquired Sun Microsystems, did not respond to a phone call and e-mails seeking comment late on Friday. Source: CNET Link to comment Share on other sites More sharing options...
bashar Posted April 10, 2010 Share Posted April 10, 2010 Sun Java where FLAWS happen :frusty: Link to comment Share on other sites More sharing options...
Dumbass Posted April 11, 2010 Share Posted April 11, 2010 Why would anyone need Java for browsing in today's web? Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 11, 2010 Administrator Share Posted April 11, 2010 Why would anyone need Java for browsing in today's web?Some sites need it to run specific plug-ins. For me, not having Java installed on your PC is similar to Flash not installed in the same PC.And Java doesn't end up only for running web sites. Link to comment Share on other sites More sharing options...
mmethw2003 Posted April 11, 2010 Share Posted April 11, 2010 ohh y they wont cme up wth a Patch :s Link to comment Share on other sites More sharing options...
chlorophyll Posted April 11, 2010 Share Posted April 11, 2010 i love SUN JAVA. :wub: Link to comment Share on other sites More sharing options...
Mr.Smith Posted April 11, 2010 Share Posted April 11, 2010 i love SUN JAVA. :wub:Hate to disillusion you, but it's Oracle's Java now B) Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 11, 2010 Share Posted April 11, 2010 Why would anyone need Java for browsing in today's web?Sometimes you need Java to run Java based programs.Java is not just for browsing. Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 11, 2010 Share Posted April 11, 2010 @Mr.Smith:As long as it's not M$ Java :lmao: Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.