Easy to Learn Java: Programming Articles, Examples and Tips

Start with Java in a few days with Java Lessons or Lectures


Code Examples

Java Tools

More Java Tools!

Java Forum

All Java Tips


Submit News
Search the site here...
Search the JavaFAQ.nu
1000 Java Tips ebook

1000 Java Tips - Click here for the high resolution copy!1000 Java Tips - Click here for the high resolution copy!

Java Screensaver, take it here

Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java programming articles and tips. Please take your copy here.

Take your copy of free "Java Technology Screensaver"!.

Microsoft warns of Java flaws

JavaFAQ Home » Security Go to all tips in Security

Bookmark and Share

Microsoft late Wednesday issued a "critical" security alert for a series of Java Virtual Machine bugs, one of which could allow a hacker to steal information or reformat the hard drives of compromised computers.

The alert, which relates to Microsoft's version of the JVM, comes a week after Sun Microsystems asked a federal judge to issue an injunction compelling the software titan to carry Sun's version of the JVM in the Windows XP operating system.

Microsoft's version of the JVM is based on 5-year-old Sun technology. Microsoft gave the series of JVM glitches its highest alert rating because the extensive amount of damage a hacker could do if a computer is compromised.

The Redmond, Wash.-based company identified eight vulnerabilities in all, rating one "critical," two as "important," two "moderate" and three "low."

The most serious of the security holes "could enable an attacker’s Java applet to gain control over another user’s system," according to the alert.

 "This would enable the attacker to take any desired action on the user’s system; for instance, the attacker could add, delete or change data on the user’s system; communicate with Web sites; load and run programs; reformat the hard drive, and so forth."

The exploit is possible because of a flaw in the way Microsoft's JVM handles software written to Microsoft’s Component Object Model (COM).

"Although the Microsoft (JVM) has security checks to prevent Java applets from invoking COM objects, there is a method of invoking them that bypasses the checks," according to the security bulletin.

A hacker could use a Web site or HTML-based e-mail to begin the attack.
Article continues at CNET.com

By Joe Wilcox
Staff Writer, CNET News.com

 Printer Friendly Page  Printer Friendly Page
 Send to a Friend  Send to a Friend

.. Bookmark and Share

Search here again if you need more info!
Custom Search

Home Code Examples Java Forum All Java Tips Books Submit News, Code... Search... Offshore Software Tech Doodling

RSS feed Java FAQ RSS feed Java FAQ News     

    RSS feed Java Forums RSS feed Java Forums

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.

Interactive software released under GNU GPL, Code Credits, Privacy Policy