AOL Corporate Communications Affected

Updated: November 09, 2000

Status

Affected

Vendor Statement

Netscape takes all security issues very seriously, and we are working to quickly evaluate and address this concern. If the reports are accurate, we plan to make a patch available, but in the interim, users can protect themselves by simply turning off Java. Users can also visit http://www.netscape.com/security to get the mostup to date information on a patch, and its availability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Systems running Netscape Communicator version 4.04 through 4.74 with Java enabled. Netscape 6 is unaffected by this problem.

Microsoft Corporation Not Affected

Updated: October 11, 2000

Status

Not Affected

Vendor Statement

Brown Orifice does not exploit any vulnerabilities in Microsoft Products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Affected

Updated: October 11, 2000

Status

Affected

Vendor Statement

Sun is working with Netscape to deliver a new version of Navigator and Communicator that will fix this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.