Anyone jumping through hoops on this one yet?
http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-browsers -040910 It appears to rely on getting a .jar file where it can be accessed at a UNC path. In this article: http://www.mail-archive.com/[email protected]/msg40571.html there's an example that's supposed to prove the exploit, but the example's UNC goes to a jar file at a distant location and that access fails for me. It does occur to me that a .jar file can be downloaded into TIF by trivial code and then accessed from there. Meanwhile, I tried setting the kill bit for the AX control that's supposed to be needed for the exploit under IE, but that makes no difference to the attempted proof of exploit above. I would have thought it might have prevented something before the.jar file access was attempted. Carl ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
