MS99-045: Bypassing Java Sandbox with Program Results in VM Security Vulnerability (244283)



The information in this article applies to:

  • Microsoft virtual machine, when used with:
    • the operating system: Microsoft Windows XP
    • the operating system: Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows NT 4.0
    • the operating system: Microsoft Windows 98 Second Edition
    • the operating system: Microsoft Windows 98
    • the operating system: Microsoft Windows 95

This article was previously published under Q244283

SYMPTOMS

If a Java program is manually constructed with a Java bytecode assembler so that it operates outside the bounds that are set by the sandbox (the security scheme for Java programs), the program may be able to exploit a security vulnerability in the Microsoft virtual machine (Microsoft VM).

If the program is hosted on a Web site, it may be able to run a program or perform certain tasks on a visiting user's computer that the user has not authorized. These tasks may include the following:
  • Create a file.
  • Delete a file.
  • Modify a file.
  • Send data to a Web site.
  • Receive data from a Web site.
  • Reformat the hard disk.

RESOLUTION

To resolve this problem, apply the "Security Update, March 4, 2002" from the Critical Updates section of the following Microsoft Web site:

Welcome to Windows Update
http://windowsupdate.microsoft.com/

NOTE: This critical update upgrades your Microsoft VM to version 3805 and is only available if you have an affected version of the Microsoft VM installed. All builds of the Microsoft VM up to and including build 3802 are affected.

NOTE: Build 3805 also corrects the following security vulnerability:

300845 MS02-013: Java Applet Can Redirect Browser Traffic

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine.

MORE INFORMATION

For more information about this vulnerability, refer to the following Microsoft Web sites:

For additional information about the Microsoft virtual machine, click the article number below to view the article in the Microsoft Knowledge Base:

169803 INFO: Historical List of Shipping Vehicles for Microsoft VM

For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 6/15/2006
Keywords: kbbug kbfix kbSecurity KbSECVulnerability KB244283