Java Applet 1.1/1.2 Security hole with IE 5.5/6/7
843807 May 11 2009 — edited May 11 2009

We're working on an applet that has to support Microsoft JVM (JDK 1.1).
We noticed a security hole when using IE with msjvm, which is this:
Let's say we have a package in our applet called "com" which contains the classes.
If the user places a folder on his desktop with the same name, "com", containing identical modified classes,
and then tries to go to the page of the applet, it will run the code that resides on his desktop, not the actual code of the applet.
We suspect it's the class loader's fault.
Can anyone give us any idea about this and how it can be solved?
-----
The applet is running on MS Windows XP with IE6 and msjvm.