Microsoft KB Archive/271752

= FIX: Microsoft VM applet vulnerability =

Article ID: 271752

Article Last Modified on 6/14/2006

-

APPLIES TO


 * Microsoft Java Virtual Machine

-



This article was previously published under Q271752



SYMPTOMS
The Microsoft virtual machine (Microsoft VM) includes a vulnerability that could enable a malicious user to use an unsigned applet to read Web content behind a firewall. To exploit this vulnerability, the malicious user would have to know the exact URLs of the sites.

This affects the following builds of the Microsoft VM:
 * All builds in the 2000 series.
 * All builds in the 3100 series.
 * All builds in the 3200 series.
 * All builds in the 3300 series.



RESOLUTION
To resolve this potential problem, install the latest version of the Microsoft VM as specified in this section. For more information, visit the following Microsoft Web site:

http://www.microsoft.com/mscorp/java/

Warning After you install the updated Microsoft VM, you cannot uninstall it.
 * 2000-series Microsoft VM customers

Upgrade to build 2446 or later.
 * 3100-series Microsoft VM customers

Upgrade to build 3316 or later.
 * 3200-series Microsoft VM customers

Upgrade to build 3316 or later.
 * 3300-series Microsoft VM customers

Upgrade to build 3316 or later.

You can perform the following steps to determine the build number of your Microsoft VM:
 * 1) Open a Command window:
 * 2) * On Microsoft Windows 2000 and Microsoft Windows NT, click Start, click Run, type cmd, and then click OK.
 * 3) * On Microsoft Windows 95 or Microsoft Windows 98, click Start, click Run, type command, and then click OK.
 * 4) At the Command prompt, type jview and then press ENTER. The version information is at the right of the topmost line. It appears in the format &quot;5.00.xxxx&quot;, where &quot;xxxx&quot; is the build number. For example, if the version number is 5.00.1234, the build number is 1234.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was corrected in recent patches for the Microsoft VM.

See the &quot;Resolution&quot; section of this article for more information about the fixes.

