A Windows 98 & ME forum. Win98banter


More Flash and JAVA warnings



 
 
Old November 10th 09, 04:03 PM posted to microsoft.public.win98.gen_discussion
MEB[_17_]

Some of the below may not have relevance in 9X; make sure to check the
actual related articles.

adobe -- shockwave_player
Vulnerable software and versions

cpe:/a:adobe:shockwave_player:11.5.0.596
cpe:/a:adobe:shockwave_player:11.5.0.595
cpe:/a:adobe:shockwave_player:11.0.0.456
cpe:/a:adobe:shockwave_player:10.1.0.11
cpe:/a:adobe:shockwave_player:1.0
cpe:/a:adobe:shockwave_player:2.0
cpe:/a:adobe:shockwave_player:3.0
cpe:/a:adobe:shockwave_player:4.0
cpe:/a:adobe:shockwave_player:5.0
cpe:/a:adobe:shockwave_player:6.0
cpe:/a:adobe:shockwave_player:8.0
cpe:/a:adobe:shockwave_player:8.5.1
cpe:/a:adobe:shockwave_player:9
cpe:/a:adobe:shockwave_player:11.5.1.601 and previous versions

High Vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3466
see this one in particular as it affects other versions as well


JAVA High Vulnerabilities

sun -- jdk
sun -- jre
The Java Update functionality in Java Runtime Environment (JRE) in Sun
Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before
Update 17, when a non-English version of Windows is used, does not
retrieve available new JRE versions, which allows remote attackers to
leverage vulnerabilities in older releases of this software, aka Bug Id
6869694.
Published: 2009-11-05 | CVSS: 7.5 | CVE-2009-3864
References: VUPEN, SUNALERT

sun -- jdk
sun -- jre
The launch method in the Deployment Toolkit plugin in Java Runtime
Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17
allows remote attackers to execute arbitrary commands via a crafted web
page, aka Bug Id 6869752.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3865
References: VUPEN, BID, SUNALERT

sun -- jdk
sun -- jre
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before
Update 17 does not properly use security model permissions when removing
installer extensions, which allows remote attackers to execute arbitrary
code by modifying a certain JNLP file to have a URL field that points to
an unintended trusted application, aka Bug Id 6872824.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3866
References: MISC, SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the HsbParser.getSoundBank function in
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 allows remote attackers to execute arbitrary code via a
long file: URL in an argument, aka Bug Id 6854303.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3867
References: MISC, SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 does not properly parse color profiles, which allows
remote attackers to gain privileges via a crafted image file, aka Bug Id
6862970.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3868
References: SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the setDiffICM function in the Abstract
Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to execute arbitrary code via a crafted
argument, aka Bug Id 6872357.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3869
References: MISC, SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Heap-based buffer overflow in the setBytePixels function in the
Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun
Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update
17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before
1.4.2_24 allows remote attackers to execute arbitrary code via crafted
arguments, aka Bug Id 6872358.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3871
References: MISC, SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file, aka
Bug Id 6862969.
Published: 2009-11-05 | CVSS: 10.0 | CVE-2009-3872
References: SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Integer overflow in the JPEGImageReader implementation in the ImageI/O
component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and
JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows
remote attackers to execute arbitrary code via large subsample
dimensions in a JPEG file that triggers a heap-based buffer overflow,
aka Bug Id 6874643.
Published: 2009-11-05 | CVSS: 9.3 | CVE-2009-3874
References: MISC, SUNALERT

Medium Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 allows remote attackers to spoof HMAC-based digital
signatures, and possibly bypass authentication, via unspecified vectors
related to "timing attack vulnerabilities," aka Bug Id 6863503.
Published: 2009-11-05 | CVSS: 5.0 | CVE-2009-3875
References: SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before
Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before
1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
to cause a denial of service (memory consumption) via crafted DER
encoded data, which is not properly decoded by the ASN.1 DER input
stream parser, aka Bug Id 6864911.
Published: 2009-11-05 | CVSS: 5.0 | CVE-2009-3876
References: SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before
Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before
1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
to cause a denial of service (memory consumption) via crafted HTTP
headers, which are not properly parsed by the ASN.1 DER input stream
parser, aka Bug Id 6864911.
Published: 2009-11-05 | CVSS: 5.0 | CVE-2009-3877
References: SUNALERT

Low Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update
22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before
1.4.2_24 allows remote attackers to gain privileges via a crafted image
file, related to a "quantization problem," aka Bug Id 6862968.
Published: 2009-11-05 | CVSS: 0.0 | CVE-2009-3873
References: SUNALERT

Source:
http://www.us-cert.gov/cas/bulletins/SB09-313.html


--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
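
The fixed-release thresholds quoted in the post can be turned into a quick inventory check. The following is an added example, not part of the original post or the US-CERT bulletin: it takes a Java version string and returns the CVE ids from the list above that still apply. The function names are hypothetical, and it assumes the usual version-string form in which "5.0 Update 22" appears as 1.5.0_22 and "6 Update 17" as 1.6.0_17.

```python
import re

# First fixed release per family, from the bulletin text quoted above:
# (major, minor, micro, update). Assumption: "5.0 Update 22" == 1.5.0_22.
FIXED = {
    "1.3": (1, 3, 1, 27),
    "1.4": (1, 4, 2, 24),
    "1.5": (1, 5, 0, 22),
    "1.6": (1, 6, 0, 17),
}

ALL = ("1.3", "1.4", "1.5", "1.6")
NO_13 = ("1.4", "1.5", "1.6")   # entries that do not name SDK/JRE 1.3.x
# CVE id -> families the bulletin names as affected.
AFFECTS = {
    "CVE-2009-3864": ("1.5", "1.6"),  # bulletin: non-English Windows only
    "CVE-2009-3865": ("1.6",),
    "CVE-2009-3866": ("1.6",),
    "CVE-2009-3867": ALL, "CVE-2009-3868": ALL, "CVE-2009-3869": ALL,
    "CVE-2009-3871": ALL, "CVE-2009-3872": ALL, "CVE-2009-3875": ALL,
    "CVE-2009-3876": ALL, "CVE-2009-3877": ALL,
    "CVE-2009-3873": NO_13, "CVE-2009-3874": NO_13,
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def parse_version(text):
    """Extract (major, minor, micro, update) from '1.6.0_16' or from a
    full `java -version` line; a missing update number counts as 0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no Java version found in %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def open_cves(text):
    """Sorted CVE ids from the bulletin that apply to this version."""
    v = parse_version(text)
    family = "%d.%d" % v[:2]
    if family not in FIXED:
        raise LookupError("family %s is not covered by this bulletin" % family)
    if v >= FIXED[family]:
        return []   # at or past the fixed release for its family
    return sorted(cve for cve, fams in AFFECTS.items() if family in fams)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real machine.
    for sample in ('java version "1.6.0_16"', "1.4.2_23", "1.5.0_22"):
        print(sample, "->", open_cves(sample) or "fixed release or later")
```

An empty result only means the release is at or past the versions named in this one bulletin; it says nothing about later advisories.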
 



