- Security Vulnerabilities in Sun JRE may Allow an Untrusted Applet to Elevate its Privileges
- Posted by David H. Lipman on February 8th, 2006
http://sunsolve.sun.com/search/docum...=1-26-102171-1
"Note: It is recommended that affected versions be removed from your system. For more
information, please see the installation notes on the respective java.sun.com download
pages."
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Virus Guy on February 9th, 2006
"David H. Lipman" wrote:
Well, which version is NOT affected?
I see that in all these cases, version 1.3.x is not affected.
Should I revert to that version?
How secure is version 1.5.0_05-b05 ?
- Posted by David H. Lipman on February 9th, 2006
From: "Virus Guy" <Virus@Guy.com>
| "David H. Lipman" wrote:
|
| Well, which version is NOT affected?
|
| I see that in all these cases, version 1.3.x is not affected.
| Should I revert to that version?
|
| How secure is version 1.5.0_05-b05 ?
Update to and use JRE 5 update 6.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Jim Byrd on February 9th, 2006
Hi Virus Guy - I would strongly recommend against using ANY version prior to
1.5.0_05-b06. Contrary to the Sun Bulletin, a group of MVPs that have been
working on this issue for several months now have come to strongly suspect
that 1.3.x versions contain an exploit that is being utilized by
Winfixer/Vundo and have been recommending against the use of any earlier
version to include specifically the uninstalling of ALL prior versions. See
here: http://www.frsirt.com/english/advisories/2006/0467 and my Blog.
--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/
"Virus Guy" <Virus@Guy.com> wrote in message news:43EA98DA.DE4A9BC9@Guy.com
- Posted by Virus Guy on February 9th, 2006
Art wrote:
I'm running version 1.5.0_05-b05 and ever since I installed that
version (or perhaps a version or two before it) some page components
(presumably java graphics elements) have the annoying habit of being
rendered/displayed in other windows that have the current focus (such
as word, excel, etc).
For example, on this page:
http:/www.forexdirectory.net/cad.html
The currency matrix above the chart is frequently drawn on-top of
portions of the screen where it shouldn't be (sometimes even on the
desktop). I don't know what that page would look like without Java...
- Posted by Jim Byrd on February 9th, 2006
Hi Virus Guy - FWIW, that page renders correctly on my machine using IE6SP1
and 1.5.0_05-b06.
--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/
"Virus Guy" <Virus@Guy.com> wrote in message news:43EB516D.4313814C@Guy.com
- Posted by Gabriele Neukam on February 9th, 2006
On that special day, Virus Guy, (Virus@Guy.com) said...
rather empty. At least, if I refuse to let all these advertisement
cookies to be placed on my machine.
Gabriele Neukam
Gabriele.Spamfighter.Neukam@t-online.de
--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
- Posted by Stephen Howe on February 9th, 2006
I had that. But on rebooting it was gone.
Stephen Howe
- Posted by Stephen Howe on February 9th, 2006
How many wretched versions of Java are there?
I see
J2EE 1.4 SDK
JDK 5.0 Update 6 with NetBeans 5.0
JDK 5.0 Update 6 with NetBeans 4.1
JDK 5.0 Update 6
JRE 5.0 Update 6
very confusing. I think it is the last that I want.
Yet I already have
jre-1_5_0_06-windows-i586-p.exe
downloaded which claims
J2SE Runtime Environment 5.0 Update 6 inside
I think I have just uninstalled the latest.
Yet elsewhere on the Internet I see "b09" suffix (I assume build 9).
Stephen Howe
- Posted by David H. Lipman on February 10th, 2006
From: "Stephen Howe" <sjhoweATdialDOTpipexDOTcom>
| How many wretched versions of Java are there?
|
| I see
|
| J2EE 1.4 SDK
| JDK 5.0 Update 6 with NetBeans 5.0
| JDK 5.0 Update 6 with NetBeans 4.1
| JDK 5.0 Update 6
| JRE 5.0 Update 6
|
| very confusing. I think it is the last that I want.
|
| Yet I already have
| jre-1_5_0_06-windows-i586-p.exe
| downloaded which claims
| J2SE Runtime Environment 5.0 Update 6 inside
|
| I think I have just uninstalled the latest.
|
| Yet elsewhere on the Internet I see "b09" suffix (I assume build 9).
|
| Stephen Howe
|
From what I see the current version is JRE 5 Update 6.
http://www.java.com/en/download/manual.jsp
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Mr. Uh Clem on February 11th, 2006
shawn wrote:
....
I'm aware of some software packages written in Java which
come packaged with a JRE (not sure which release, but I'm
sure it is older) to run on Windows. The JRE is only used
with that application and the application is a dedicated
client, used with only a specific server app on dedicated
hosts the customers own. The reason for including a
dedicated JRE is that successive JRE releases were breaking
things.
Q: Is this exploitable, given it is not being used for
general web browsing??
--
Clem
"If you push something hard enough, it will fall over."
- Fudd's first law of opposition
- Posted by David H. Lipman on February 11th, 2006
From: "Mr. Uh Clem" <uhclem@DutchElmSt.invalid>
| shawn wrote:
| ...
| come packaged with a JRE (not sure which release, but I'm
| sure it is older) to run on Windows. The JRE is only used
| with that application and the application is a dedicated
| client, used with only a specific server app on dedicated
| hosts the customers own. The reason for including a
| dedicated JRE is that successive JRE releases were breaking
| things.
|
| Q: Is this exploitable, given it is not being used for
| general web browsing??
|
That's a good question. I too have used specific Java apps that come with Java embedded
within the application.
I think it would be best to contact the vendor of that software application and point to the
Sun Java bulletin.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
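
Added example, not part of any post in this thread: a small Python check that parses the legacy Sun version strings quoted above (such as 1.5.0_05-b05 or the installer name jre-1_5_0_06-windows-i586-p.exe) and flags every inventoried JRE, including ones bundled with an application, that is older than a baseline. The baseline of 1.5.0_06, the install locations and the inventory entries are assumptions constructed for illustration.

```python
import re

# Legacy Sun version strings: major.minor.micro[_update][-bBUILD], e.g.
# "1.5.0_05-b05". Installer names use "_" as the separator throughout.
_VERSION_RE = re.compile(r"(\d+)[._](\d+)[._](\d+)(?:_(\d+))?(?:-b(\d+))?")

# Assumption: baseline is JRE 5.0 Update 6 (1.5.0_06), the release the
# thread recommends; adjust to whatever the current bulletin requires.
BASELINE = "1.5.0_06"


def parse_java_version(text):
    """Return (major, minor, micro, update, build); missing parts are 0."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no Java version found in %r" % text)
    return tuple(int(part) if part else 0 for part in match.groups())


def flag_outdated(inventory, baseline=BASELINE):
    """Return (location, reason) for every JRE older than the baseline.

    Entries whose version cannot be parsed are reported too, so an
    unidentified bundled runtime is reviewed by hand rather than skipped.
    """
    # Compare on major.minor.micro_update only: a bare "1.5.0_06" and
    # "1.5.0_06-b05" are the same release for patching purposes.
    minimum = parse_java_version(baseline)[:4]
    findings = []
    for location, reported in inventory:
        try:
            version = parse_java_version(reported)
        except ValueError:
            findings.append((location, "unparseable version: %s" % reported))
            continue
        if version[:4] < minimum:
            findings.append((location, "%s is older than %s" % (reported, baseline)))
    return findings


# Constructed sample inventory: locations and some versions are made up.
SAMPLE_INVENTORY = [
    (r"C:\Program Files\Java\jre1.5.0_06", "1.5.0_06-b05"),
    (r"C:\Program Files\Java\jre1.5.0_05", "1.5.0_05-b05"),
    (r"C:\Program Files\Java\j2re1.3.1_15", "1.3.1_15"),
    (r"C:\Apps\ExampleClient\jre", "unknown"),
]

if __name__ == "__main__":
    for location, reason in flag_outdated(SAMPLE_INVENTORY):
        print("%s: %s" % (location, reason))
```

The version string for each location would come from running that runtime's own `java -version`, which is how a JRE shipped inside an application directory gets included alongside the system-wide installs.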