Microsoft KB Archive/277014

= FIX: Security Issue Allows Access to Files on User's Computer =

Article ID: 277014

Article Last Modified on 6/14/2006

-

APPLIES TO


 * Microsoft Java Virtual Machine

-



This article was previously published under Q277014



SYMPTOMS
The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that could enable a malicious Web site operator to access the files on a user's computer and, if the user is part of an intranet, to read Web content within that intranet.

This affects the following builds of the Microsoft VM:
 * All builds in the 3000 series.



CAUSE
The Microsoft VM allows archive files (CAB or JAR files) that are used in a Java-based  tag and referenced by the CABBASE, CABINETS, or ARCHIVE parameters to come from locations other than the codebase.



RESOLUTION
To resolve this problem, install build 3319 or later of the Microsoft VM. For more information, visit the following Microsoft Web site:

http://www.microsoft.com/mscorp/java/

WARNING: After you install the updated Microsoft VM, you cannot uninstall it.
 * 2000-series builds are no longer supported

Customers should upgrade to the latest 3000-series build.
 * 3000-series Microsoft VM customers

Customers should upgrade to build 3319 or later.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This bug was corrected in the Microsoft VM build 3319.

