Microsoft KB Archive/300845

= MS02-013: Java Applet Can Redirect Browser Traffic =

Article ID: 300845

Article Last Modified on 3/29/2007

-

APPLIES TO

 Microsoft Java Virtual Machine, when used with:  Microsoft Windows XP Professional

 Microsoft Windows Millennium Edition

 Microsoft Windows 2000 Standard Edition

 Microsoft Windows NT 4.0</li></ul>

 Microsoft Windows 98 Second Edition</li></ul>

 Microsoft Windows 98 Standard Edition</li></ul> </li></ul>

-

<div class="notice_section">

This article was previously published under Q300845

<div class="notice_section">

IMPORTANT: This patch has been superseded by the update described in 810030

<div class="symptoms_section">

SYMPTOMS
A session hijacking vulnerability exists in the Microsoft virtual machine (Microsoft VM) that could allow a maliciously crafted Java applet to silently reroute all browser traffic to the host of the applet without the knowledge of the user. After an attacker possesses the rerouted browser traffic, he or she could take any action or any combination of actions that he or she chooses, including the following:
 * Handle the browser request.
 * Record the session information.
 * Forward the request to the intended destination.

NOTE: This capability could allow a malicious party to record the session information of a user and possibly search for user names, passwords, or credit card numbers that are sent in plain (unencrypted) text.

A malicious applet that tries to exploit this vulnerability would be active until the user quits all instances of Internet Explorer that are open.

This vulnerability can only be exploited if Microsoft Internet Explorer is configured to access Internet resources through a proxy server. Users whose browsers are not configured to use a proxy server are not at risk from this vulnerability.

If an attack that exploits this vulnerability captures any secure HTTP (HTTPS) traffic, the HTTPS traffic cannot be read in plain text because HTTPS is encrypted by using Secure Sockets Layer (SSL). Therefore, user names and passwords that are sent by using HTTPS are much less vulnerable than information that is sent in plain text by using HTTP.

<div class="cause_section">

CAUSE
This vulnerability occurs because of how certain requests for proxy service in Java are handled. When you configure Internet Explorer to use proxy services, a particularly crafted Java program (sometimes called an applet) could exploit this vulnerability to forward browser traffic.

<div class="resolution_section">

RESOLUTION
To resolve this problem, install the &quot;810030: Microsoft VM Security Update&quot; package from the following Windows Update Web site:

http://windowsupdate.microsoft.com/

. For additional information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

810030 MS02-069: Flaw in Microsoft VM May Compromise Windows

<div class="status_section">

STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine. This problem was first corrected in Windows 2000 Service Pack 3.

<div class="moreinformation_section">

MORE INFORMATION
To determine the Microsoft VM build number on a computer that is running Windows 98, Windows 98 Second Edition (SE), or Windows Millennium Edition (Me), follow these steps: <ol> Click Start, and then click Run.</li> In the Open text box, type command, and then click OK.</li> At the command prompt, type the following command, and then press ENTER:

jview

Notice that the version information appears on the first line as &quot;Version &quot;, where   is the build number. For example, 5.00.3802 is Microsoft VM build 3802.</li></ol>

To determine the Microsoft VM build number on a computer that is running Windows NT 4.0, Windows 2000, or Windows XP, follow these steps: <ol> Click Start, and then click Run.</li> In the Open text box, type cmd, and then click OK.</li> At the command prompt, type the following command, and then press ENTER:

jview

Notice that the version information appears on the first line as &quot;Version &quot;, where   is the build number. For example, 5.00.3802 is Microsoft VM build 3802.</li></ol>

For additional information about how to install the Microsoft VM silently without restarting your computer, click the following article number to view the article in the Microsoft Knowledge Base:

304930 How to Install the Microsoft Virtual Machine Silently Without Restarting Your Computer

To install the Microsoft VM build 3805 for Microsoft Windows 2000 (Hotfix) silently without restarting your computer, use the following command-line:

Q300845_W2K_SP3_X86_EN.exe -z -q -m

<div class="references_section">