Microsoft has released a patch that eliminates a security vulnerability in the Microsoft Java Virtual Machine. The vulnerability allows a Java applet to take virtually any action on the computer of a web site visitor, bypassing the Java security sandbox.
Credit:
This vulnerability was found by Xerox PARC.
The Microsoft VM is a virtual machine for the Win32 operating environment. It runs on top of Microsoft Windows 95, 98 or NT. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability that allows a Java applet to operate outside the bounds set by the sandbox and take any desired action on the user's computer. If such an applet were hosted on a web site, it could act against the computer of any user who visited the site.
Affected Software Versions
- Microsoft VM, all builds in the 2000 and 3000 series
NOTE: The affected versions shipped primarily as part of Internet Explorer 4.0 and 5.
Patch Availability
http://www.microsoft.com/java/vm/dl_vm32.htm
More Information
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS99-031: Frequently Asked Questions,
http://www.microsoft.com/security/bulletins/MS99-031faq.asp.
- Microsoft Knowledge Base (KB) article Q240346, Malicious Java Applet may be able to Read, Write, or Delete Files on the Computer of a Web Site Visitor,
http://support.microsoft.com/support/kb/articles/q240/3/46.asp.
(Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.)
- Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp.