
Flaw in Microsoft VM

The Microsoft VM is a virtual machine for the Win32® operating environment shipped with most versions of Windows and Internet Explorer. A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues.

Issue

The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and would either host it on a web site or send it to a user as an HTML mail.

The newly reported security issues are as follows:

  • A security vulnerability through which an untrusted Java applet could access COM objects. By design, COM objects should only be available to trusted Java programs because of the functionality they expose. COM objects are available that provide functionality through which an attacker could take control of the system.
  • A pair of vulnerabilities that, although having different underlying causes, would have the same effect, namely, disguising the actual location of the applet’s codebase. By design, a Java applet that resides on user storage or a network share has read access to the folder it resides in and all folders below it. The vulnerabilities provide methods by which an applet located on a web site could misrepresent the location of its codebase, to indicate that it resided instead on the user’s local system or a network share.
  • A vulnerability that could enable an attacker to construct a URL that, when parsed, would load a Java applet from one web site but misrepresent it as belonging to another web site. The result would be that the attacker’s applet would run in the other site’s domain. Any information the user provided to it could be relayed back to the attacker.
  • A vulnerability that results because the Microsoft VM doesn’t prevent applets from calling the JDBC APIs – a set of APIs that provide database access methods. By design, these APIs provide functionality to add, change, delete or modify database contents, subject only to the user’s permissions.
  • A vulnerability through which an attacker could temporarily prevent specified Java objects from being loaded and run. A legacy security mechanism known as the Standard Security Manager provides the ability to impose restrictions on Java applets, up to and including preventing them from running altogether. However, the VM does not adequately regulate access to the SSM, with the result that an attacker’s applet could add other Java objects to the “banned” list.
  • A vulnerability through which an attacker could learn a user’s username on their local system. The vulnerability results because one particular system property, user.dir, should not be available to untrusted applets but, through a flaw, is. While knowing a username would not in itself pose a security risk, it could be useful for reconnaissance purposes.
  • A vulnerability that results because it’s possible for a Java applet to perform an incomplete instantiation of another Java object. The effect of doing so would be to cause the containing application – Internet Explorer – to fail.

Affected Products

  • Microsoft VM up to and including build 5.0.3805
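
A way to triage a host inventory against the affected range above, as an added example that is not part of the original advisory or any Microsoft tool. The host names, the `host,build` line format and the zero-padded `5.00.x` spelling are assumptions; only the 5.0.3805 boundary comes from the advisory.

```python
import re

# Last affected build, from the advisory's "Affected Products" line.
LAST_AFFECTED = (5, 0, 3805)
_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_build(text):
    """Parse 'major.minor.build' into a tuple of ints, or return None."""
    # Numeric comparison makes a zero-padded '5.00.3805' equal '5.0.3805'
    # (the padded spelling is an assumption; the advisory writes '5.0.3805').
    m = _BUILD_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(build_text):
    """True if in the affected range, False if above it, None if unparseable."""
    build = parse_build(build_text)
    if build is None:
        return None
    return build <= LAST_AFFECTED


def triage(inventory_lines):
    """Sort 'host,build' lines into affected / above_range / unknown hosts."""
    result = {"affected": [], "above_range": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, build_text = line.partition(",")
        verdict = is_affected(build_text)
        key = "unknown" if verdict is None else (
            "affected" if verdict else "above_range")
        result[key].append(host.strip())
    return result


# Constructed sample inventory (hypothetical hosts and build values).
SAMPLE_INVENTORY = """\
# host,microsoft_vm_build
ws-001,5.0.3805
ws-002,5.00.3802
ws-003,5.0.3810
ws-004,not installed
ws-005,5.0.3167
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY.splitlines()).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have a build string that could not be parsed and need a manual check rather than being treated as unaffected.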

Download

Patch: http://windowsupdate.microsoft.com/

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: December 12, 2002
