elgato
Joined: 24 Feb 2005
Posts: 17237
Location: Texas
Posted: Fri Apr 09, 2010 10:57 pm
Post subject: Sun Java flaw exposes Windows users to dangerous Web attacks
Over on Threatpost, Dennis Fisher has a story about a serious Java vulnerability that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system.
The flaw was disclosed publicly this week by two separate researchers. One of the researchers, Tavis Ormandy of Google, said he decided to go public when Sun declined to issue a prompt fix.
Ormandy explains:
Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.
For various reasons, I explained that I did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.
The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running “javaws.exe” without validating command-line parameters.
“These parameters can be controlled by attackers via specially crafted embed HTML tags within a Web page,” Santamarta warned.