This is not an attack against Java or JSP based websites - this is an attack against Java running in your client browser.
And there have been plenty of attacks against vulnerabilities exploitable via IE (e.g. in XML parser, DHTML etc.) Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Katherine Moss Sent: Saturday, 12 January 2013 10:48 AM To: ozDotNet Subject: RE: [OT] Java 0-day vulnerability Because it seems that with .NET, problems are actually fixed; no one gives Microsoft the credit they deserve! When is the last time you have heard of the bad guys touching an ASP.net web site with there poison code? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Friday, January 11, 2013 7:31 AM To: ozDotNet Subject: RE: [OT] Java 0-day vulnerability I think I've seen plenty of suggestions to avoid using IE in similar circumstances. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Wallace Turner Sent: Friday, 11 January 2013 4:53 PM To: ozDotNet Subject: [OT] Java 0-day vulnerability http://thenextweb.com/insider/2013/01/10/new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option/ >Overview - Java 7 Update 10 and earlier contain an unspecified vulnerability >that can allow a remote, unauthenticated attacker to execute arbitrary code on >a vulnerable system. >We recommend that regardless of what browser and operating system you're >using, you should uninstall Java if you don't need it. If you do need it, use >a separate browser when Java is required, and make sure to disable Java in >your default browser. Most 'media' sites recommend the same action (perhaps they got it from the same source) - I can't help but feel a little sorry for Java and the conspiracist in me is firing up. If I had a dollar for every time there was a windows/IE.NET vulnerability with the same risk ( allow a remote, unauthenticated attacker to execute arbitrary code) ... and no media outlet suggests uninstalling windows or .NET.
