Article ID: 271752
Article Last Modified on 6/14/2006
APPLIES TO
- Microsoft Java Virtual Machine
This article was previously published under Q271752
SYMPTOMS
The Microsoft virtual machine (Microsoft VM) includes a vulnerability that could enable a malicious user to use an unsigned applet to read Web content behind a firewall. To exploit this vulnerability, the malicious user would have to know the exact URLs of the sites.
This affects the following builds of the Microsoft VM:
- All builds in the 2000 series.
- All builds in the 3100 series.
- All builds in the 3200 series.
- All builds in the 3300 series.
RESOLUTION
To resolve this potential problem, install the latest version of the Microsoft VM as specified in this section. For more information, visit the following Microsoft Web site:
Warning After you install the updated Microsoft VM, you cannot uninstall it.
- 2000-series Microsoft VM customers
Upgrade to build 2446 or later.
- 3100-series Microsoft VM customers
Upgrade to build 3316 or later.
- 3200-series Microsoft VM customers
Upgrade to build 3316 or later.
- 3300-series Microsoft VM customers
Upgrade to build 3316 or later.
You can perform the following steps to determine the build number of your Microsoft VM:
- Open a Command window:
- On Microsoft Windows 2000 and Microsoft Windows NT, click Start, click Run, type cmd, and then click OK.
- On Microsoft Windows 95 or Microsoft Windows 98, click Start, click Run, type command, and then click OK.
- At the Command prompt, type jview and then press ENTER. The version information is at the right of the topmost line. It appears in the format "5.00.xxxx", where "xxxx" is the build number. For example, if the version number is 5.00.1234, the build number is 1234.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was corrected in recent patches for the Microsoft VM.
See the "Resolution" section of this article for more information about the fixes.
REFERENCES
For more information, please see Microsoft Security Bulletin MS00-059:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
253562 FIX: Untrusted code can access files on end-user systems
For additional security-related information about Microsoft products, please refer to the following Microsoft Web site:
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
Keywords: kbbug kbfix kbjavavm33xxfix kbsecvulnerability kbsecurity kbsecbulletin KB271752