Critical flaw Java [Closed]

Report
Posts
7424
Registration date
Sunday July 15, 2007
Status
Security contributor
Last seen
May 9, 2012
-
Ambucias
Posts
51394
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 5, 2020
-
Attention to Windows users for, all editions.
An important fault has just been discovered in Java and not corrected for the moment...

The fact of decontaminating the Javascript does not protect from the exploitation from this vulnerability.
Currently without clear information on behalf of Sun on the correction of this fault, it is advised with the user to manually modify his software configurations.
For the two following navigators, handling below makes it possible to limit the risks:
-------------------------------------------------------------------------------------
1: For Firefox: Check if you have in your plugins this:
Java Deployment Toolkit.
If such is the case, opens Tools and chooses "Addons Modules".
In the Plugins section select Java Deployment Toolkit and click on Desactivate.
---------------
2: For Internet Explorer, it is necessary to place a "Bit stop" for following ActiveX: '' Classe ID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA ''. Here a tuto on the way in which of carrying out this handling: https://support.microsoft.com/en-us/help/240797/how-to-stop-an-activex-control-from-running-in-internet-explorer
Less freindly to use like handling, but essential.
@+
----------
Explanation of the threat: The method of attack makes it possible to carry out arbitration code with the execution of the launcher Web Java. Thus to carry out thereafter with administrative permissions, of the gestures serious and takeover of the targeted machines.
-------------------
Infos additional: Java Deployment Toolkit is installed automatically with the Java Runtime Environment since version 6 (release 10) in navigators Internet like Microsoft Internet Explorer, Mozilla Firefox or Google Chrome.
Initial post here french: https://www.commentcamarche.net/forum/affich-17368464-faille-tres-critique-java-non-corrigee
Jalobservateur



Steve Job 'Apple' est un génie du marketing, Bill Gates un génie de la finance 'W$'
puis Linus Torvald et Richard Stallman 'Gnu/Linux' sont des génies de l'informatique...
La vérité n'est pas toujours où nous cherchons, mais souvent où l'on refuse de voir...

3 replies

Posts
7241
Registration date
Saturday April 7, 2007
Status
Moderator
Last seen
November 22, 2019
490
Hello Jal,

Thank you so much for sharing this information with us.

Welcome !

Best regards
Posts
7424
Registration date
Sunday July 15, 2007
Status
Security contributor
Last seen
May 9, 2012

You Welcome !
Take care ;)
Ambucias
Posts
51394
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 5, 2020
14,235
Hello Jal

Thank you very much. Do you know the date of the discovery, I may put it in the title for reference?

Thank you again
Posts
7424
Registration date
Sunday July 15, 2007
Status
Security contributor
Last seen
May 9, 2012

Hi Ambucias :)
Yes, the date of discovery is about 2 hours before my fist post here on french CCM.
Ouep good contact ..
So, if you can translate this post you'l see there is some correctives apply, but not too good so far ...
Then M0e and Lyonnais92 wrote a couple messages to explain how to fix-it for IE, but for Fox like i suggest it's very easy :)

There it is : 14 avr 2010 à midnight ( but it can be before, but i receive à this time)
Steve Job 'Apple' est un génie du marketing, Bill Gates un génie de la finance 'W$'
puis Linus Torvald et Richard Stallman 'Gnu/Linux' sont des génies de l'informatique...
La vérité n'est pas toujours où nous cherchons, mais souvent où l'on refuse de voir...
Ambucias
Posts
51394
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 5, 2020
14,235
Okay,

Thank you and Merci