More Flash and JAVA warnings

Some of the below may not have relevance in 9X, make sure to check the
actual related articles.

adobe -- shockwave_player
Vulnerable software and versions

cpe:/a:adobe:shockwave_player:11.5.0.596
cpe:/a:adobe:shockwave_player:11.5.0.595
cpe:/a:adobe:shockwave_player:11.0.0.456
cpe:/a:adobe:shockwave_player:10.1.0.11
cpe:/a:adobe:shockwave_player:1.0
cpe:/a:adobe:shockwave_player:2.0
cpe:/a:adobe:shockwave_player:3.0
cpe:/a:adobe:shockwave_player:4.0
cpe:/a:adobe:shockwave_player:5.0
cpe:/a:adobe:shockwave_player:6.0
cpe:/a:adobe:shockwave_player:8.0
cpe:/a:adobe:shockwave_player:8.5.1
cpe:/a:adobe:shockwave_player:9
cpe:/a:adobe:shockwave_player:11.5.1.601 and previous versions

High Vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3466
see this one in particular as it affects other versions as well


JAVA High Vulnerabilities

sun -- jdk
sun -- jre
The Java Update functionality in Java Runtime Environment (JRE) in Sun
Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before
Update 17, when a non-English version of Windows is used, does not
retrieve available new JRE versions, which allows remote attackers to
leverage vulnerabilities in older releases of this software, aka Bug Id
6869694. 2009-11-05 7.5 CVE-2009-3864
VUPEN
SUNALERT
sun -- jdk
sun -- jre
The launch method in the Deployment Toolkit plugin in Java Runtime
Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17
allows remote attackers to execute arbitrary commands via a crafted web
page, aka Bug Id 6869752. 2009-11-05 9.3 CVE-2009-3865
VUPEN
BID
SUNALERT
sun -- jdk
sun -- jre
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before
Update 17 does not properly use security model permissions when removing
installer extensions, which allows remote attackers to execute arbitrary
code by modifying a certain JNLP file to have a URL field that points to
an unintended trusted application, aka Bug Id 6872824. 2009-11-05
9.3 CVE-2009-3866
MISC
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the HsbParser.getSoundBank function in
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 allows remote attackers to execute arbitrary code via a
long file: URL in an argument, aka Bug Id 6854303. 2009-11-05 9.3
CVE-2009-3867
MISC
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 does not properly parse color profiles, which allows
remote attackers to gain privileges via a crafted image file, aka Bug Id
6862970. 2009-11-05 9.3 CVE-2009-3868
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the setDiffICM function in the Abstract
Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to execute arbitrary code via a crafted
argument, aka Bug Id 6872357. 2009-11-05 9.3 CVE-2009-3869
MISC
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Heap-based buffer overflow in the setBytePixels function in the
Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun
Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update
17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before
1.4.2_24 allows remote attackers to execute arbitrary code via crafted
arguments, aka Bug Id 6872358. 2009-11-05 9.3 CVE-2009-3871
MISC
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file, aka
Bug Id 6862969. 2009-11-05 10.0 CVE-2009-3872
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Integer overflow in the JPEGImageReader implementation in the ImageI/O
component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and
JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows
remote attackers to execute arbitrary code via large subsample
dimensions in a JPEG file that triggers a heap-based buffer overflow,
aka Bug Id 6874643. 2009-11-05 9.3 CVE-2009-3874
MISC
SUNALERT

Medium Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before
Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x
before 1.4.2_24 allows remote attackers to spoof HMAC-based digital
signatures, and possibly bypass authentication, via unspecified vectors
related to "timing attack vulnerabilities," aka Bug Id 6863503.
2009-11-05 5.0 CVE-2009-3875
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before
Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before
1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
to cause a denial of service (memory consumption) via crafted DER
encoded data, which is not properly decoded by the ASN.1 DER input
stream parser, aka Bug Id 6864911. 2009-11-05 5.0 CVE-2009-3876
SUNALERT
sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before
Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before
1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
to cause a denial of service (memory consumption) via crafted HTTP
headers, which are not properly parsed by the ASN.1 DER input stream
parser, aka Bug Id 6864911. 2009-11-05 5.0 CVE-2009-3877
SUNALERT

Low Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update
22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before
1.4.2_24 allows remote attackers to gain privileges via a crafted image
file, related to a "quantization problem," aka Bug Id 6862968.
2009-11-05 0.0 CVE-2009-3873
SUNALERT

Source:
http://www.us-cert.gov/cas/bulletins/SB09-313.html


--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

98 Guy wrote:
MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

Really, so how do expect to convince users to update if they think
their version is sufficient and lacks vulnerabilities.

Moreover, some of the links in the articles direct to *Adobe* for
further information AND to updated sources... get a life, and make an
effort to understand the world in which you live.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

98 Guy wrote:
MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

Really, so how do expect to convince users to update if they think
their version is sufficient and lacks vulnerabilities.

Moreover, some of the links in the articles direct to *Adobe* for
further information AND to updated sources... get a life, and make an
effort to understand the world in which you live.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

98 Guy, the tinyurl link throws an error message saying I am not
authorized to view the page ... are you sure the link is correct?
---
"98 Guy" wrote in message ...
MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what
he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

98 Guy, the tinyurl link throws an error message saying I am not
authorized to view the page ... are you sure the link is correct?
---
"98 Guy" wrote in message ...
MEB wrote:

(...)

What Meb didn't tell you (which is arguably more important than what
he
did post) is how to download the latest Java J

I will tell you how.

Here is the direct download link for Sun Java Runtime version 5 update
22:

http://tinyurl.com/yex7tkd

Now, isin't that better (and more useful to the average reader) than
reading pages and pages of useless technical information that Meb
parrots from other sources?

Meb, if you want to really help people here and be useful to them, you
could at least post useful information.

MEB wrote:

Meb, if you want to really help people here and be useful to them,
you could at least post useful information.

Really, so how do expect to convince users to update if they think
their version is sufficient and lacks vulnerabilities.

Why didn't you post a link to Java 5.22 *AND* tell them why they should
download it?

Moreover, some of the links in the articles direct to *Adobe* for
further information AND to updated sources...

SO WHAT ?!

get a life,

Get a clue.

MEB wrote:

Meb, if you want to really help people here and be useful to them,
you could at least post useful information.

Really, so how do expect to convince users to update if they think
their version is sufficient and lacks vulnerabilities.

Why didn't you post a link to Java 5.22 *AND* tell them why they should
download it?

Moreover, some of the links in the articles direct to *Adobe* for
further information AND to updated sources...

SO WHAT ?!

get a life,

Get a clue.

someone watching top-poasted:

98 Guy, the tinyurl link throws an error message saying I am not
authorized to view the page ... are you sure the link is correct?

The link was for a .exe file.

You must have some software on your system that is blocking any attepts
to access exe files via http.

The link works.

http://tinyurl.com/yex7tkd