Microsoft KB Archive/329077

= MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run =

Article ID: 329077

Article Last Modified on 5/21/2007

APPLIES TO

 Microsoft Java Virtual Machine, when used with:

 Microsoft Windows XP Professional

 Microsoft Windows Millennium Edition

 Microsoft Windows 2000 Standard Edition

 Microsoft Windows NT 4.0

 Microsoft Windows 98 Second Edition

 Microsoft Windows 98 Standard Edition

This article was previously published under Q329077

SYMPTOMS
The Microsoft virtual machine (VM) is a virtual machine for 32-bit versions of Microsoft Windows. The Microsoft VM was included as part of most versions of Windows, and as part of most versions of Microsoft Internet Explorer. A new patch for the Microsoft VM is available. This patch corrects three security vulnerabilities. The attack vectors for all the vulnerabilities are likely to be the same. To exploit these vulnerabilities, an attacker might create a Web page, and then host the Web page on a server or send the page as an e-mail message.

The first vulnerability involves the Java Database Connectivity (JDBC) classes, which provide features that permit Java programs to connect to and use data from a wide variety of data sources. These sources range from flat files to Microsoft SQL Server databases. The vulnerability occurs because of a flaw in the way in which the classes vet a request to load and run a DLL on a user's computer. Although the classes perform checks that are designed to make sure that only authorized programs can make such requests, this check can be "spoofed" by deliberately malforming the request in a particular way. This might permit an attacker to load and run any DLL on a user's computer.

The second vulnerability also involves the JDBC classes, and occurs because certain functions in the classes do not correctly validate handles that are provided as input. One straightforward use of this flaw involves supplying data that is not valid instead of an actual handle when calling such a function. Microsoft has confirmed that this scenario can cause Internet Explorer to stop working. The flaw might also permit an attacker to provide data that causes code to be run in the security context of the user.

The third vulnerability involves a class that provides support for using XML by Java programs. This class exposes a number of methods. Some of these methods are suitable for use by any program, but others are suitable only for use by trusted programs. However, the class does not differentiate correctly between these cases, and instead makes all the methods available to all programs. The functions that can be misused through this vulnerability include functions that might permit a program to take virtually any action on a user's computer.

RESOLUTION
To resolve this problem, install the patch that is described in the following Microsoft Knowledge Base article:

810030 MS02-069: Flaw in Microsoft VM May Compromise Windows

The 329077 security update has been superseded by the 810030 update.

This update makes the following changes to the registry:

="Security Update for the Microsoft VM"

"ComponentID"="JAVAVM"

"IsInstalled"=hex:01,00,00,00

"KeyFileName"="C:\\WINDOWS\\System32\\msjava.dll"

"Version"="5,00,3807,0"

NOTE: Regardless of the version number viewed from Jview, the registry key described earlier should be the determining factor for correct installation of this patch. The Msjava.dll file will remain version 5.00.3805.0000 after you install this patch.
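
The note above makes the registry values, not the version shown by Jview or on Msjava.dll, the test for a correct installation. The following is an added example (not Microsoft's code) that parses a .reg-style export of that key and applies the check. The key path is a placeholder because this page does not give it, the function names are hypothetical, and the sample export is constructed from the values listed above.

```python
import re

# Values the article lists for a correctly installed update.
REQUIRED_COMPONENT = "JAVAVM"
REQUIRED_VERSION = (5, 0, 3807, 0)  # from "Version"="5,00,3807,0"

# Constructed sample: a .reg-style export holding the values from the article.
# The key path is a placeholder; the page does not give it.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\<KEY-PATH-PLACEHOLDER>]
@="Security Update for the Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="C:\\WINDOWS\\System32\\msjava.dll"
"Version"="5,00,3807,0"
'''

_LINE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.+)$')

def parse_reg_values(text):
    """Return {value name: decoded data} for one exported key."""
    values = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # key header, blank line, or unrecognised line
        name, data = m.group("name") or "@", m.group("data")
        if data.startswith("hex:"):      # binary value, comma-separated bytes
            values[name] = bytes(int(b, 16) for b in data[4:].split(",") if b)
        elif data.startswith("dword:"):  # normalise DWORDs to 4 little-endian bytes
            values[name] = int(data[6:], 16).to_bytes(4, "little")
        elif data.startswith('"') and data.endswith('"'):
            values[name] = data[1:-1].replace("\\\\", "\\")  # unescape backslashes
        else:
            values[name] = data
    return values

def update_installed(values):
    """True if the key shows this update, or a later one, as installed."""
    try:
        flag = int.from_bytes(values["IsInstalled"], "little")
        version = tuple(int(p) for p in values["Version"].split(","))
    except (KeyError, TypeError, ValueError):
        return False  # missing or malformed values count as not installed
    # The registry Version is compared; Msjava.dll's file version is not consulted.
    return (values.get("ComponentID") == REQUIRED_COMPONENT
            and flag == 1 and version >= REQUIRED_VERSION)
```
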

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

<pre class="fixed_text">
  Date          Time    Size      File name
  -----------------------------------------
  18-Feb-2002   07:38     2,678   Msjdbc.cer
  21-Aug-2002   17:28   137,282   Msjdbc.zip
  16-Aug-2002   09:57    10,957   Osp.zip
</pre>

These files are put in the %Windir%\Java\Classes folder. The compressed .zip files contain the following Java classes:

<pre class="fixed_text">
  21-Aug-2002   17:28   24,824  Jdbcodbc.class
  21-Aug-2002   17:28      800  Jdbcodbcboundcol.class
  21-Aug-2002   17:28    1,119  Jdbcodbcboundparam.class
  21-Aug-2002   17:28      848  Jdbcodbcbusyflag.class
  21-Aug-2002   17:28    5,193  Jdbcodbccallablestatement.class
  21-Aug-2002   17:28    8,347  Jdbcodbcconnection.class
  21-Aug-2002   17:28      447  Jdbcodbcconnectioninterface.class
  21-Aug-2002   17:28   28,036  Jdbcodbcdatabasemetadata.class
  21-Aug-2002   17:28      710  Jdbcodbcdecimal.class
  21-Aug-2002   17:28    6,096  Jdbcodbcdriver.class
  21-Aug-2002   17:28      308  Jdbcodbcdriverattribute.class
  21-Aug-2002   17:28      415  Jdbcodbcdriverinterface.class
  21-Aug-2002   17:28    2,990  Jdbcodbcinputstream.class
  21-Aug-2002   17:28      611  Jdbcodbclimits.class
  21-Aug-2002   17:28    2,339  Jdbcodbcobject.class
  21-Aug-2002   17:28    8,063  Jdbcodbcpreparedstatement.class
  21-Aug-2002   17:28      912  Jdbcodbcpseudocol.class
  21-Aug-2002   17:28   12,865  Jdbcodbcresultset.class
  21-Aug-2002   17:28      615  Jdbcodbcresultsetinterface.class
  21-Aug-2002   17:28    5,503  Jdbcodbcresultsetmetadata.class
  21-Aug-2002   17:28      523  Jdbcodbcsqlwarning.class
  21-Aug-2002   17:28    6,116  Jdbcodbcstatement.class
  21-Aug-2002   17:28    1,451  Jdbcodbctimestamp.class
  21-Aug-2002   17:28      566  Jdbcodbctypeinfo.class
  21-Aug-2002   17:28   13,595  Odbcdef.class
  28-Jul-1997   13:15      247  Accessdeniedexception.class
  28-Jul-1997   13:15      243  Conversionexception.class
  28-Jul-1997   13:15    1,033  Datasource.class
  28-Jul-1997   13:15      746  Datasourcelistener.class
  28-Jul-1997   13:15      253  Illegalargumentexception.class
  28-Jul-1997   13:15      251  Notimplementedexception.class
  28-Jul-1997   13:15    1,736  Oledbsimpleprovider.class
  28-Jul-1997   13:15    1,123  Oledbsimpleproviderlistener.class
  28-Jul-1997   13:15      384  Ospcomp.class
  28-Jul-1997   13:15      261  Ospexception.class
  28-Jul-1997   13:15      264  Ospfind.class
  28-Jul-1997   13:15      304  Ospformat.class
  28-Jul-1997   13:15      912  Ospmrshl.class
  28-Jul-1997   13:15      286  Osprw.class
  28-Jul-1997   13:15      260  Ospxfer.class
  28-Jul-1997   13:15      368  __MIDL___MIDL_ITF_SIMPDATA_0000_0001.CLASS
</pre>

STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft VM.

MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web sites:

http://www.microsoft.com/technet/security/bulletin/MS02-052.mspx

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

Additional query words: security_patch

Keywords: kbqfe kbbug kbfix kbsecbulletin kbsecurity kbsecvulnerability KB329077

© Microsoft Corporation. All rights reserved.