Virtual Machine Verifier Vulnerability

A security vulnerability exists in the Microsoft® virtual machine (Microsoft VM) that could allow a Java applet to take unauthorized actions on the computer of a web site visitor.

Issue

The Microsoft VM is a virtual machine for the Win32® operating environment. It runs atop Microsoft Windows® 95, 98 or Windows NT®. It ships as part of each operating system, and also as part of Microsoft Internet Explorer.

The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability in the bytecode verifier that could allow a Java applet to operate outside the bounds set by the sandbox. If hosted on a web site, such an applet could take any action on the computer of a visiting user that the user himself could take. This could include, for example, creating, deleting or modifying files, sending data to or receiving data from a web site, or reformatting the hard drive.

Although no standard Java compiler can generate such an applet, a Java applet constructed by hand with a Java bytecode assembler could bypass the sandbox and take virtually any action on the computer that the user would be capable of taking.

Download

Patch: http://www.microsoft.com/java/vm/dl_vm32.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: November 2, 1999
