[Full-Disclosure] Re: MS-02-052
Jouko Pynnonen
jouko at solutions.fi
Thu Sep 19 23:20:11 BST 2002
On 19 Sep 2002 dev-null at no-id.com wrote:
> Does anybody else find it disturbing that today's JVM patch can only be
> installed through Windows Update, and the Windows Update site now
What's perhaps more disturbing is that most of the reported JVM
vulnerabilities weren't fixed yet and an Applet can still execute
arbitrary code by exploiting the remaining ones. So even with the patch,
enabling MS's Java for IE and the Internet Zone isn't a good idea right
now.
--
Jouko Pynnonen Online Solutions Ltd Secure your Linux -
jouko at solutions.fi http://www.solutions.fi http://www.secmod.com
Full-Disclosure is hosted and sponsored by Secunia.