Java Web Start JNLP File Command Line Argument Injection Vulnerability

Java Web Start JNLP File Command Line Argument Injection Vulnerability

NOTE:

If you intend to install either Version 1.4.2_07, or Version 5.0/1.5.0, then first:

Uninstall the existing Version of Sun Java, using the Add/Remove programs applet.
If there is more than one version in existence, then uninstall ALL versions of Java.

Reboot the PC

Install 1.4.2_07, or 5.0/1.5.0
(I personally recommend 5.0, also called 1.5.0)

Ramona

 

Hi Ramona

I did as you told me and uninstalled both versions and then re-installed version 5. I'm wondering about my wife's computer. She has version 1.4.06 and she just received a message that her "updates" are ready to be downloaded and installed... that is the new version 5. Can she go ahead and simply download this since it appears to be an automatic update from Java OR should she uninstall her older version and then go to Sun and download the newer version? And if this is the case, why does Sun give automatic upgrades like this? I just don't get it. Thanks.

 

James,

Sure, your wife can go ahead and let the autoupdate install 5.0, but... and it's a big exception, I would go with a clean uninstall/install. Then there are no concerns about future problems...

Ramona

 

James

I did the auto update thing and ended up with both 1.4.2_07 and 1.5.0_02 on the computer. I then uninstalled both and installed the latest 1.5.0_02. The update function is really flakey and I won't use it again.

 

Bill,

Thanks for the confirmation on the auto update thingy. Back in the Communicator days, the Smart Update function was flaky too, and I think any user is better off with a nice clean unstall/install with a reboot in between.

Ramona