Microsoft KB Archive/244283



MS99-045: Bypassing Java Sandbox with Program Results in VM Security Vulnerability

Article ID: 244283

Article Last Modified on 11/1/2006



APPLIES TO

  • Microsoft Java Virtual Machine, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows Millennium Edition
    • Microsoft Windows 2000 Standard Edition
    • Microsoft Windows NT 4.0
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
    • Microsoft Windows 95



This article was previously published under Q244283

SYMPTOMS

A Java program that is manually constructed with a Java bytecode assembler so that it operates outside the bounds set by the sandbox (the security scheme for Java programs) may be able to exploit a security vulnerability in the Microsoft virtual machine (Microsoft VM).

If such a program is hosted on a Web site, it may be able to run a program or perform tasks that the user has not authorized on the computer of a visiting user. These tasks may include the following:

  • Create a file.
  • Delete a file.
  • Modify a file.
  • Send data to a Web site.
  • Receive data from a Web site.
  • Reformat the hard disk.


RESOLUTION

To resolve this problem, apply the "Security Update, March 4, 2002" from the Critical Updates section of the following Microsoft Web site:

Welcome to Windows Update
http://windowsupdate.microsoft.com/


NOTE: This critical update upgrades your Microsoft VM to version 3805 and is only available if you have an affected version of the Microsoft VM installed. All builds of the Microsoft VM up to and including build 3802 are affected.

NOTE: Build 3805 also corrects the following security vulnerability:

300845 MS02-013: Java Applet Can Redirect Browser Traffic


STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine.

MORE INFORMATION

For more information about this vulnerability, refer to the following Microsoft Web sites:

For additional information about the Microsoft virtual machine, click the article number below to view the article in the Microsoft Knowledge Base:

169803 INFO: Historical List of Shipping Vehicles for Microsoft VM


For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:

