#1
More Flash and JAVA warnings
Some of the below may not have relevance in 9X, make sure to check the actual related articles.

adobe -- shockwave_player

Vulnerable software and versions:

cpe:/a:adobe:shockwave_player:11.5.0.596
cpe:/a:adobe:shockwave_player:11.5.0.595
cpe:/a:adobe:shockwave_player:11.0.0.456
cpe:/a:adobe:shockwave_player:10.1.0.11
cpe:/a:adobe:shockwave_player:1.0
cpe:/a:adobe:shockwave_player:2.0
cpe:/a:adobe:shockwave_player:3.0
cpe:/a:adobe:shockwave_player:4.0
cpe:/a:adobe:shockwave_player:5.0
cpe:/a:adobe:shockwave_player:6.0
cpe:/a:adobe:shockwave_player:8.0
cpe:/a:adobe:shockwave_player:8.5.1
cpe:/a:adobe:shockwave_player:9
cpe:/a:adobe:shockwave_player:11.5.1.601 and previous versions

High Vulnerabilities

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3466
see this one in particular as it affects other versions as well

JAVA

High Vulnerabilities

sun -- jdk, sun -- jre
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Published 2009-11-05 | CVSS 7.5 | CVE-2009-3864 | VUPEN, SUNALERT

sun -- jdk, sun -- jre
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3865 | VUPEN, BID, SUNALERT

sun -- jdk, sun -- jre
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3866 | MISC, SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3867 | MISC, SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3868 | SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3869 | MISC, SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3871 | MISC, SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Published 2009-11-05 | CVSS 10.0 | CVE-2009-3872 | SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Published 2009-11-05 | CVSS 9.3 | CVE-2009-3874 | MISC, SUNALERT

Medium Vulnerabilities

sun -- jdk, sun -- jre, sun -- sdk
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Published 2009-11-05 | CVSS 5.0 | CVE-2009-3875 | SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Published 2009-11-05 | CVSS 5.0 | CVE-2009-3876 | SUNALERT

sun -- jdk, sun -- jre, sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Published 2009-11-05 | CVSS 5.0 | CVE-2009-3877 | SUNALERT

Low Vulnerabilities

sun -- jdk, sun -- jre, sun -- sdk
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Published 2009-11-05 | CVSS 0.0 | CVE-2009-3873 | SUNALERT

Source: http://www.us-cert.gov/cas/bulletins/SB09-313.html

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#2
MEB wrote:
> (...)

What Meb didn't tell you (which is arguably more important than what he did post) is how to download the latest Java J I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update 22:

http://tinyurl.com/yex7tkd

Now, isn't that better (and more useful to the average reader) than reading pages and pages of useless technical information that Meb parrots from other sources?

Meb, if you want to really help people here and be useful to them, you could at least post useful information.
#4
98 Guy wrote:
> MEB wrote:
>> (...)
> What Meb didn't tell you (which is arguably more important than what he did post) is how to download the latest Java J I will tell you how.
> Here is the direct download link for Sun Java Runtime version 5 update 22:
> http://tinyurl.com/yex7tkd
> Now, isn't that better (and more useful to the average reader) than reading pages and pages of useless technical information that Meb parrots from other sources?
> Meb, if you want to really help people here and be useful to them, you could at least post useful information.

Really, so how do you expect to convince users to update if they think their version is sufficient and lacks vulnerabilities?

Moreover, some of the links in the articles direct to *Adobe* for further information AND to updated sources...

get a life, and make an effort to understand the world in which you live.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#6
98 Guy, the tinyurl link throws an error message saying I am not authorized to view the page ... are you sure the link is correct?

---
"98 Guy" wrote in message ...
> MEB wrote:
>> (...)
> What Meb didn't tell you (which is arguably more important than what he did post) is how to download the latest Java J I will tell you how.
> Here is the direct download link for Sun Java Runtime version 5 update 22:
> http://tinyurl.com/yex7tkd
> Now, isn't that better (and more useful to the average reader) than reading pages and pages of useless technical information that Meb parrots from other sources?
> Meb, if you want to really help people here and be useful to them, you could at least post useful information.
#8
MEB wrote:
>> Meb, if you want to really help people here and be useful to them, you could at least post useful information.
> Really, so how do you expect to convince users to update if they think their version is sufficient and lacks vulnerabilities?

Why didn't you post a link to Java 5.22 *AND* tell them why they should download it?

> Moreover, some of the links in the articles direct to *Adobe* for further information AND to updated sources...

SO WHAT ?!

> get a life,

Get a clue.
#10
someone watching top-poasted:
> 98 Guy, the tinyurl link throws an error message saying I am not authorized to view the page ... are you sure the link is correct?

The link was for a .exe file. You must have some software on your system that is blocking any attempts to access exe files via http.

The link works.

http://tinyurl.com/yex7tkd