This Java Deployment Toolkit block obviously depends on the release number. This will be a problem only if next releases need blocking. I hope the hole will be patched though; it is not rocket science to get it right. I would patch it if I were a serious vendor. Cheers, Chris
-----Original Message----- From: Nick Boyce [mailto:nick.bo...@gmail.com] Sent: Saturday, April 17, 2010 5:22 AM To: full-disclosure@lists.grok.org.uk Cc: Kristof Zelechovski Subject: Re: [Full-disclosure] How to disable Java Deployment Toolkit On Wed, Apr 14, 2010 at 11:15 AM, Kristof Zelechovski <giecr...@stegny.2a.pl> wrote: > Regarding the Java Deployment Toolkit vulnerability: > On Windows XP and later: open the Local Security Settings console and > create a prohibition rule for the path > %HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web > Start\1.6.0_19\HOME%/JAVAWS.EXE Hmm ... presumably that would that need repeating for every later (and older) Java release until the functionality is believed safe ? Cheers Nick -- Leave the Olympics in Greece, where they belong. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/