Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability
Sun recently released (another) update for Java 1.5.0, Update 11. There are a bunch of bug fixes and I didn’t see anything serious related to security.
However, it is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007 (we wrote about this previously,, but will use another opportunity to remind you about the changes).
Java update should be available automatically now as well – just remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course).

McAfee published information about a new 0-day exploit for Word. They’ve notified Microsoft and it looks like the vulnerability is limited to Denial of Service. We’ve updated the list of 0-days in Microsoft products which you can find here: will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Pen Test Hackfest Europe 2022 - Berlin


403 Posts
ISC Handler
Feb 13th 2007

Sign Up for Free or Log In to start participating in the conversation!