Java technology vulnerability could compromise desktop computers and laptop computers running Windows

Researchers have reported a vulnerability in Java technology that attackers could exploit to compromise desktop and laptop computers running Windows when a user visits a webpage hosting malicious code.
The problem lies in the Java Web Start framework, which enables developers to create Java applications in an easy manner. Even disabling the Java plug-in is not expected to safeguard against the attack. The vulnerability has been reported on all current versions of Windows and across browsers including Chrome, Internet Explorer and Firefox.
Sun has been informed of the problem, but the company said the risk was not high enough to issue a patch outside the regular quarterly patch cycle.
According to details provided by Tavis Ormandy, a Google engineer:
The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws [Java Web Start] utility, which provides enough functionality via command line arguments to allow this error to be exploited. The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor.
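The weakness the quote describes, a web-supplied URL reaching a command-line utility with only minimal validation, is avoided by validating the value strictly and passing it as a single argument-vector element. The sketch below is an added example, not code from the Java toolkit or from Ormandy's advisory; the `launcher` name, the allowed schemes, the length limit and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

LAUNCHER = "launcher"  # hypothetical stand-in for the helper utility, not a real path
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web-hosted descriptors are expected


class RejectedURL(ValueError):
    """Raised when a web-supplied URL is not safe to hand to the launcher."""


def validate_launch_url(url):
    """Return url unchanged if it is a plain http(s) URL, else raise RejectedURL."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        raise RejectedURL("empty, non-string or oversized value")
    # Whitespace, quotes and control characters are what let one "URL" become
    # several command-line tokens when a command string is re-parsed.
    if any(c.isspace() or ord(c) < 0x20 or c in "\"'`\\" for c in url):
        raise RejectedURL("whitespace, quote, backslash or control character")
    # A value starting with '-' would be read as an option, not an operand.
    if url.startswith("-"):
        raise RejectedURL("looks like an option")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:  # malformed authority, e.g. unbalanced brackets
        raise RejectedURL("unparseable URL") from exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise RejectedURL("scheme not allowed")
    if not host:
        raise RejectedURL("no host")
    return url


def build_argv(url):
    """Build an argument vector (never a shell string) with the URL as one element."""
    return [LAUNCHER, validate_launch_url(url)]


def check(url):
    """True if the value would be passed on, False if it is rejected."""
    try:
        build_argv(url)
        return True
    except RejectedURL:
        return False
```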
July 18th, 2010 at 8:37 pm
These days Java is being used heavily by users; thanks for giving us awareness. I just want to know how much it can affect a computer. How much potential does it have?
November 1st, 2010 at 11:32 pm
Indeed a very good read! Very informative post with pretty good insight on all aspects of the topic! Will keep visiting in future too!