SecuriTeam - Patch Available for the Java Sandbox Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

Microsoft has released a patch that eliminates security vulnerability in the Microsoft Java Virtual Machine. The vulnerability allows a Java applet to take virtually any action on the computer of a web site visitor, bypassing the Java security sandbox.

Credit:
This vulnerability has been found by: Xerox PARC.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

The Microsoft VM is a virtual machine for the Win32 operating environment. It runs on top of Microsoft Windows 95, 98 or NT. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability that allows a Java applet to operate outside the bounds set by the sandbox and take any desired action on the user's computer. If such an applet were hosted on a web site, it could act against the computer of any user who visited the site.

Affected Software Versions
- Microsoft VM, all builds in the 2000 and 3000 series
NOTE: The affected versions shipped primarily as part of Internet Explorer 4.0 and 5.

Patch Availability
http://www.microsoft.com/java/vm/dl_vm32.htm

More Information
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS99-031: Frequently Asked Questions,
   http://www.microsoft.com/security/bulletins/MS99-031faq.asp.
- Microsoft Knowledge Base (KB) article Q240346, Malicious Java Applet may be able to Read, Write, or Delete Files on the Computer of a Web Site Visitor,
   http://support.microsoft.com/support/kb/articles/q240/3/46.asp.
(Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.)
- Microsoft Security Advisor web site,
   http://www.microsoft.com/security/default.asp.

blog comments powered by Disqus

	RealNetworks RealPlayer RV10 Sample Height Parsing Code Execution Vulnerability
	RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Code Execution Vulnerability
	RealNetworks RealPlayer RV30 Uninitialized Index Value Code Execution Vulnerability
	RealNetworks RealPlayer Invalid Codec Name Code Execution Vulnerability
	RealNetwork RealPlayer MPG Width Integer Underflow Code Execution Vulnerability
	RealNetworks RealPlayer genr Sample Size Parsing Code Execution Vulnerability
	RealNetworks RealPlayer ATRC Code Data Parsing Code Execution Vulnerability
	RealNetworks RealPlayer Malformed AAC File Parsing Code Execution Vulnerability
	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability