Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
Colombo
Red Hat Certified System Administrator (RHCSA) - RHEL 10
Sanjeewani95
Updated:
Yesterday at 7:43 PM
NURSING , CAREGIVER , HOTEL & BEAUTY COURSES
IVA Para Medical Campus
Updated:
Thursday at 9:24 AM
Handmade Character Soft Toys Peppa Pig Family
anil1961
Updated:
Wednesday at 9:58 PM
Ad icon
Video Content Creator
pramukag
Updated:
Sunday at 6:10 AM
Ad icon
QA Engineer Intern
pramukag
Updated:
Sunday at 6:07 AM
Electronics
Vehicles
Property
Search
Reply to thread
Forums
Computers & Internet
News & Discussion
Java flaw exposes Windows users to attacks
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="methsri" data-source="post: 7230324" data-attributes="member: 65662"><p>A vulnerability in Java technology could be exploited by attackers and used to compromise computers running Windows if they visit a Web page hosting malicious code, two researchers warned on Friday.</p><p></p><p>Google engineer <span style="color: Blue">Tavis Ormandy</span> released details on the Full Disclosure e-mail list and Ruben Santamarta, an engineer for Wintercore, wrote about it on his company's blog site.</p><p></p><p><span style="font-family: 'Verdana'">The problem is with the Java Web Start framework, which allows developers an easy way to create Java applications. Disabling the Java plug-in will not protect against an attack</span>, according to Ormandy.</p><p></p><p>"<span style="color: DarkOrange"><em>The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws [Java Web Start] utility, which provides enough functionality via command line arguments to allow this error to be exploited," Ormandy wrote. "The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor.</em></span>"</p><p></p><p><strong><span style="color: Red">The vulnerability affects all current versions of Windows and the major browsers including Firefox, Internet Explorer and Chrome, according to Kaspersky Lab's Threat Post blog.</span></strong></p><p></p><p>Ormandy said he informed Sun about the problem but was told it was not considered high enough priority to issue a patch outside of the regular quarterly patch cycle.</p><p>Representatives at Oracle, which recently acquired Sun Microsystems, did not respond to a phone call and e-mails seeking comment late on Friday.</p><p></p><p><a href="http://news.cnet.com/8301-27080_3-20002199-245.html" target="_blank">Article</a></p></blockquote><p></p>
[QUOTE="methsri, post: 7230324, member: 65662"] A vulnerability in Java technology could be exploited by attackers and used to compromise computers running Windows if they visit a Web page hosting malicious code, two researchers warned on Friday. Google engineer [COLOR="Blue"]Tavis Ormandy[/COLOR] released details on the Full Disclosure e-mail list and Ruben Santamarta, an engineer for Wintercore, wrote about it on his company's blog site. [FONT="Verdana"]The problem is with the Java Web Start framework, which allows developers an easy way to create Java applications. Disabling the Java plug-in will not protect against an attack[/FONT], according to Ormandy. "[COLOR="DarkOrange"][I]The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws [Java Web Start] utility, which provides enough functionality via command line arguments to allow this error to be exploited," Ormandy wrote. "The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor.[/I][/COLOR]" [B][COLOR="Red"]The vulnerability affects all current versions of Windows and the major browsers including Firefox, Internet Explorer and Chrome, according to Kaspersky Lab's Threat Post blog.[/COLOR][/B] Ormandy said he informed Sun about the problem but was told it was not considered high enough priority to issue a patch outside of the regular quarterly patch cycle. Representatives at Oracle, which recently acquired Sun Microsystems, did not respond to a phone call and e-mails seeking comment late on Friday. [URL="http://news.cnet.com/8301-27080_3-20002199-245.html"]Article[/URL] [/QUOTE]
Insert quotes…
Verification
Haya warak paha keeyada? (haya wadi kireema paha)
Post reply
Top
Bottom