Skip navigation
2010

Emilio Moretti's Blog

March 2010 Previous month Next month

Microsoft warns for a VBScript vulnerability that could allow remote code execution on systems with Windows XP, Windows 2000 and Windows Server 2003. The software giant advises users to be very cautious when a website displays a dialog box that asks to press the F1 key:

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

There are still many Java libraries are not support Maven “POM.xml”, and may be we created a custom library which we want include it into Maven local repository. Maven did provides command to let user include our own or “non-maven-support” library into local repository.

 

For example, “kaptcha” is a third party library which can generate captcha image easily, but it did not support or provide pom.xml for Maven project. Here i demonstrate how to install “kaptcha” jar into my Maven’s local repository.

 

Steps of install custom library in Maven’s local repository

 

1) Download the “kaptcha” jar file and put it into c drive, and issue following command

 

mvn install:install-file -Dfile=c:\kaptcha-2.3.jar -DgroupId=com.google.code
-DartifactId=kaptcha -Dversion=2.3 -Dpackaging=jar

 

Result

 

D:\>mvn install:install-file -Dfile=c:\kaptcha-2.3.jar -DgroupId=com.google.code
-DartifactId=kaptcha -Dversion=2.3 -Dpackaging=jar
[INFO] Scanning for projects...
[INFO] Searching repository for plugin with prefix: 'install'.
[INFO] ------------------------------------------------------------------------
[INFO] Building Maven Default Project
[INFO]    task-segment: [install:install-file] (aggregator-style)
[INFO] ------------------------------------------------------------------------
[INFO] [install:install-file]
[INFO] Installing c:\kaptcha-2.3.jar to D:\maven_repo\com\google\code\kaptcha\2.3\kaptcha-2.3.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: < 1 second
[INFO] Finished at: Tue May 12 13:41:42 SGT 2009
[INFO] Final Memory: 3M/6M
[INFO] ------------------------------------------------------------------------

 

2) Create or modify the Pom.xml file, add the following code

 

<dependency>
      <groupId>com.google.code</groupId>
      <artifactId>kaptcha</artifactId>
      <version>2.3</version>
</dependency>

 

3) Done, “kaptcha” is installed in my Maven local repository.

 

P.S Just issue “mvn eclipse:eclipse” to update our eclipse IDE for the kaptcha library classpath.

Sir Clive Sinclair, the inventor of the legendary Sinclair ZX80 computer, told Guardian that he no longer uses computers. He explains his machines were lean and efficient, and that it makes him sad that today's computers totally abuse their memory and are very wasteful. Sinclair doesn't even use e-mail, he says he's hired people to do all the computer work for him, and that he prefers phone calls anyway.

The ZX80 sold about 50,000 units, and the ZX81 which replaced it cost £69.95 and sold 250,000. The brochure promised that a child of 12 would soon be mastering "decimals, logs and trig", although the trig would have to be saved to a cassette recorder. The average 2GB laptop of today has 2,000,000 times more memory than that offered by Sinclair's first machines, although he is keen to stress that computing ability isn't everything. "Our machines were lean and efficient," he says. "The sad thing is that today's computers totally abuse their memory – totally wasteful, you have to wait for the damn things to boot up, just appalling designs. Absolute mess! So dreadful it's heartbreaking."
You can read the full interview over here.