Critical flaw Java

Closed
jalobservateur Posts 7372 Registration date Sunday July 15, 2007 Status Security contributor Last seen May 9, 2012 - Apr 22, 2010 at 01:35 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 22, 2010 at 05:20 PM
Attention to Windows users for, all editions.
An important fault has just been discovered in Java and not corrected for the moment...

The fact of decontaminating the Javascript does not protect from the exploitation from this vulnerability.
Currently without clear information on behalf of Sun on the correction of this fault, it is advised with the user to manually modify his software configurations.
For the two following navigators, handling below makes it possible to limit the risks:
-------------------------------------------------------------------------------------
1: For Firefox: Check if you have in your plugins this:
Java Deployment Toolkit.
If such is the case, opens Tools and chooses "Addons Modules".
In the Plugins section select Java Deployment Toolkit and click on Desactivate.
---------------
2: For Internet Explorer, it is necessary to place a "Bit stop" for following ActiveX: '' Classe ID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA ''. Here a tuto on the way in which of carrying out this handling: https://support.microsoft.com/en-us/topic/out-of-date-activex-controls-3ad33b2d-1cee-5d46-1234-e70714324850
Less freindly to use like handling, but essential.
@+
----------
Explanation of the threat: The method of attack makes it possible to carry out arbitration code with the execution of the launcher Web Java. Thus to carry out thereafter with administrative permissions, of the gestures serious and takeover of the targeted machines.
-------------------
Infos additional: Java Deployment Toolkit is installed automatically with the Java Runtime Environment since version 6 (release 10) in navigators Internet like Microsoft Internet Explorer, Mozilla Firefox or Google Chrome.
Initial post here french: https://forums.commentcamarche.net/forum/affich-17368464-faille-tres-critique-java-non-corrigee
Jalobservateur



Steve Job 'Apple' est un génie du marketing, Bill Gates un génie de la finance 'W$'
puis Linus Torvald et Richard Stallman 'Gnu/Linux' sont des génies de l'informatique...
La vérité n'est pas toujours où nous cherchons, mais souvent où l'on refuse de voir...
Related:

3 responses

aquarelle Posts 7140 Registration date Saturday April 7, 2007 Status Moderator Last seen March 25, 2024 491
Apr 22, 2010 at 01:43 PM
Hello Jal,

Thank you so much for sharing this information with us.

Welcome !

Best regards
0
jalobservateur Posts 7372 Registration date Sunday July 15, 2007 Status Security contributor Last seen May 9, 2012
Apr 22, 2010 at 02:21 PM
You Welcome !
Take care ;)
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 22, 2010 at 03:58 PM
Hello Jal

Thank you very much. Do you know the date of the discovery, I may put it in the title for reference?

Thank you again
0
jalobservateur Posts 7372 Registration date Sunday July 15, 2007 Status Security contributor Last seen May 9, 2012
Apr 22, 2010 at 05:11 PM
Hi Ambucias :)
Yes, the date of discovery is about 2 hours before my fist post here on french CCM.
Ouep good contact ..
So, if you can translate this post you'l see there is some correctives apply, but not too good so far ...
Then M0e and Lyonnais92 wrote a couple messages to explain how to fix-it for IE, but for Fox like i suggest it's very easy :)

There it is : 14 avr 2010 à midnight ( but it can be before, but i receive à this time)
Steve Job 'Apple' est un génie du marketing, Bill Gates un génie de la finance 'W$'
puis Linus Torvald et Richard Stallman 'Gnu/Linux' sont des génies de l'informatique...
La vérité n'est pas toujours où nous cherchons, mais souvent où l'on refuse de voir...
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 22, 2010 at 05:20 PM
Okay,

Thank you and Merci
0