> If I apply the latest > Sun Java 2 Runtime and I have older versions installed as > well can someone execute a vulnerability that exists in the > older runtime? >
Yes the vulnerability still exists in the old runtimes. Your risk is not 100% mitigated unless you removed the old JVMs. However there are mitigating factors: Your web browser won't load the old VM by default, it loads the latest one. Also, on Windows, the Java installer puts a copy of the latest java.exe, javaw.exe and javaws.exe in the %SYSTEMROOT%\system32. This directory is implicitly in the start of your %PATH% on windows (after the current directory), so that any Java apps that are invoked with the assumption that the Java runtime will be in the path (eg "javaw -jar myjar.jar") will use the latest runtime. On the other hand applications that have coded the path to the JVM in their configuration files (like Netbeans) or .lnk shortcuts will continue to load a vulnerable version of the JVM.
smime.p7s
Description: S/MIME cryptographic signature
