MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run (329077)


The information in this article applies to:

  • Microsoft virtual machine, when used with:
    • the operating system: Microsoft Windows XP
    • the operating system: Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows NT 4.0
    • the operating system: Microsoft Windows 98 Second Edition
    • the operating system: Microsoft Windows 98
This article was previously published under Q329077

SYMPTOMS

The Microsoft virtual machine (VM) is a virtual machine for 32-bit versions of Microsoft Windows. The Microsoft VM was included as part of most versions of Windows, and as part of most versions of Microsoft Internet Explorer. A new patch for the Microsoft VM is available. This patch corrects three security vulnerabilities. The attack vectors for all the vulnerabilities are likely to be the same. To exploit these vulnerabilities, an attacker might create a Web page, and then host the Web page on a server or send the page as an e-mail message.

The first vulnerability involves the Java Database Connectivity (JDBC) classes, which provide features that permit Java programs to connect to and use data from a wide variety of data sources. These sources range from flat files to Microsoft SQL Server databases. The vulnerability occurs because of a flaw in the way in which classes vet a request to load and run a DLL on a user's computer. Although the classes perform checks that are designed to make sure that only authorized programs can make such requests, this check can be "spoofed" by purposely incorrectly forming the request in a particular way. This might permit an attacker to load and run any DLL on a user's computer.

The second vulnerability also involves the JDBC classes, and occurs because certain functions in the classes do not correctly validate handles that are provided as input. One straightforward use of this flaw involves supplying data that is not valid instead of an actual handle when calling such a function. Microsoft has confirmed that this scenario can cause Internet Explorer to stop working. The flaw might also permit an attacker to provide data that causes code to be run in the security context of the user.

The third vulnerability involves a class that provides support for using XML by Java programs. This class exposes a number of methods. Some of these methods are suitable for use by any program, but others are suitable only for use by trusted programs. However, the class does not differentiate correctly between these cases, and instead makes all the methods available to all programs. The functions that can be misused through this vulnerability include functions that might permit a program to take virtually any action on a user's computer.

RESOLUTION

To resolve this problem, install the patch that is described in the following Microsoft Knowledge Base article:

810030 MS02-069: Flaw in Microsoft VM May Compromise Windows

The 329077 security update has been superseded by the 810030 update.

This update makes the following changes to the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}

="Security Update for the Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="C:\\WINDOWS\\System32\\msjava.dll"
"Version"="5,00,3807,0"

NOTE: Regardless of the version number viewed from Jview, the registry key described earlier should be the determining factor for correct installation of this patch. The Msjava.dll file will remain version 5.00.3805.0000 after you install this patch.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date          Time    Size      File name
   ------------------------------------------
   18-Feb-2002   07:38     2,678   Msjdbc.cer
   21-Aug-2002   17:28   137,282   Msjdbc.zip
   16-Aug-2002   09:57    10,957   Osp.zip
These files are put in the %Windir%\Java\Classes folder. The compressed .zip files contain the following Java classes: 
   21-Aug-2002   17:28   24,824  Jdbcodbc.class
   21-Aug-2002   17:28      800  Jdbcodbcboundcol.class
   21-Aug-2002   17:28    1,119  Jdbcodbcboundparam.class
   21-Aug-2002   17:28      848  Jdbcodbcbusyflag.class
   21-Aug-2002   17:28    5,193  Jdbcodbccallablestatement.class
   21-Aug-2002   17:28    8,347  Jdbcodbcconnection.class
   21-Aug-2002   17:28      447  Jdbcodbcconnectioninterface.class
   21-Aug-2002   17:28   28,036  Jdbcodbcdatabasemetadata.class
   21-Aug-2002   17:28      710  Jdbcodbcdecimal.class
   21-Aug-2002   17:28    6,096  Jdbcodbcdriver.class
   21-Aug-2002   17:28      308  Jdbcodbcdriverattribute.class
   21-Aug-2002   17:28      415  Jdbcodbcdriverinterface.class
   21-Aug-2002   17:28    2,990  Jdbcodbcinputstream.class
   21-Aug-2002   17:28      611  Jdbcodbclimits.class
   21-Aug-2002   17:28    2,339  Jdbcodbcobject.class
   21-Aug-2002   17:28    8,063  Jdbcodbcpreparedstatement.class
   21-Aug-2002   17:28      912  Jdbcodbcpseudocol.class
   21-Aug-2002   17:28   12,865  Jdbcodbcresultset.class
   21-Aug-2002   17:28      615  Jdbcodbcresultsetinterface.class
   21-Aug-2002   17:28    5,503  Jdbcodbcresultsetmetadata.class
   21-Aug-2002   17:28      523  Jdbcodbcsqlwarning.class
   21-Aug-2002   17:28    6,116  Jdbcodbcstatement.class
   21-Aug-2002   17:28    1,451  Jdbcodbctimestamp.class
   21-Aug-2002   17:28      566  Jdbcodbctypeinfo.class
   21-Aug-2002   17:28   13,595  Odbcdef.class
   28-Jul-1997   13:15      247  Accessdeniedexception.class
   28-Jul-1997   13:15      243  Conversionexception.class
   28-Jul-1997   13:15    1,033  Datasource.class
   28-Jul-1997   13:15      746  Datasourcelistener.class
   28-Jul-1997   13:15      253  Illegalargumentexception.class
   28-Jul-1997   13:15      251  Notimplementedexception.class
   28-Jul-1997   13:15    1,736  Oledbsimpleprovider.class
   28-Jul-1997   13:15    1,123  Oledbsimpleproviderlistener.class
   28-Jul-1997   13:15      384  Ospcomp.class
   28-Jul-1997   13:15      261  Ospexception.class
   28-Jul-1997   13:15      264  Ospfind.class
   28-Jul-1997   13:15      304  Ospformat.class
   28-Jul-1997   13:15      912  Ospmrshl.class
   28-Jul-1997   13:15      286  Osprw.class
   28-Jul-1997   13:15      260  Ospxfer.class
   28-Jul-1997   13:15      368  __MIDL___MIDL_ITF_SIMPDATA_0000_0001.CLASS

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft VM.

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web sites:

http://www.microsoft.com/technet/security/bulletin/MS02-052.mspx
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.mspx

Modification Type:MinorLast Reviewed:9/27/2004
Keywords:kbQFE kbbug kbfix KbSECBulletin kbSecurity KbSECVulnerability KB329077 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.