[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] How to disable Java Deployment Toolkit
- To: "'Nick Boyce'" <nick.boyce@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] How to disable Java Deployment Toolkit
- From: Křištof Želechovski <giecrilj@xxxxxxxxxxxx>
- Date: Sat, 17 Apr 2010 11:31:22 +0200
This Java Deployment Toolkit block obviously depends on the release number.
This will be a problem only if next releases need blocking. I hope the hole
will be patched though; it is not rocket science to get it right. I would
patch it if I were a serious vendor.
Cheers,
Chris
-----Original Message-----
From: Nick Boyce [mailto:nick.boyce@xxxxxxxxx]
Sent: Saturday, April 17, 2010 5:22 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Cc: Kristof Zelechovski
Subject: Re: [Full-disclosure] How to disable Java Deployment Toolkit
On Wed, Apr 14, 2010 at 11:15 AM, Kristof Zelechovski
<giecrilj@xxxxxxxxxxxx> wrote:
> Regarding the Java Deployment Toolkit vulnerability:
> On Windows XP and later: open the Local Security Settings console and
> create a prohibition rule for the path
> %HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web
> Start\1.6.0_19\HOME%/JAVAWS.EXE
Hmm ... presumably that would that need repeating for every later (and
older) Java release until the functionality is believed safe ?
Cheers
Nick
--
Leave the Olympics in Greece, where they belong.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/