Article ID: 329077
Article Last Modified on 5/21/2007
APPLIES TO
- Microsoft Java Virtual Machine, when used with:
- Microsoft Windows XP Professional
- Microsoft Windows Millennium Edition
- Microsoft Windows 2000 Standard Edition
- Microsoft Windows NT 4.0
- Microsoft Windows 98 Second Edition
- Microsoft Windows 98 Standard Edition
This article was previously published under Q329077
SYMPTOMS
The Microsoft virtual machine (VM) is a virtual machine for 32-bit versions of Microsoft Windows. The Microsoft VM was included as part of most versions of Windows, and as part of most versions of Microsoft Internet Explorer. A new patch for the Microsoft VM is available. This patch corrects three security vulnerabilities. The attack vectors for all the vulnerabilities are likely to be the same. To exploit these vulnerabilities, an attacker might create a Web page, and then host the Web page on a server or send the page as an e-mail message.
The first vulnerability involves the Java Database Connectivity (JDBC) classes, which provide features that permit Java programs to connect to and use data from a wide variety of data sources. These sources range from flat files to Microsoft SQL Server databases. The vulnerability occurs because of a flaw in the way in which classes vet a request to load and run a DLL on a user's computer. Although the classes perform checks that are designed to make sure that only authorized programs can make such requests, this check can be "spoofed" by purposely incorrectly forming the request in a particular way. This might permit an attacker to load and run any DLL on a user's computer.
The second vulnerability also involves the JDBC classes, and occurs because certain functions in the classes do not correctly validate handles that are provided as input. One straightforward use of this flaw involves supplying data that is not valid instead of an actual handle when calling such a function. Microsoft has confirmed that this scenario can cause Internet Explorer to stop working. The flaw might also permit an attacker to provide data that causes code to be run in the security context of the user.
The third vulnerability involves a class that provides support for using XML by Java programs. This class exposes a number of methods. Some of these methods are suitable for use by any program, but others are suitable only for use by trusted programs. However, the class does not differentiate correctly between these cases, and instead makes all the methods available to all programs. The functions that can be misused through this vulnerability include functions that might permit a program to take virtually any action on a user's computer.
RESOLUTION
To resolve this problem, install the patch that is described in the following Microsoft Knowledge Base article:
810030 MS02-069: Flaw in Microsoft VM May Compromise Windows
The 329077 security update has been superseded by the 810030 update.
This update makes the following changes to the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}
="Security Update for the Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="C:\\WINDOWS\\System32\\msjava.dll"
"Version"="5,00,3807,0"
NOTE: Regardless of the version number viewed from Jview, the registry key described earlier should be the determining factor for correct installation of this patch. The Msjava.dll file will remain version 5.00.3805.0000 after you install this patch.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Size File name ------------------------------------------ 18-Feb-2002 07:38 2,678 Msjdbc.cer 21-Aug-2002 17:28 137,282 Msjdbc.zip 16-Aug-2002 09:57 10,957 Osp.zip
These files are put in the %Windir%\Java\Classes folder. The compressed .zip files contain the following Java classes:
21-Aug-2002 17:28 24,824 Jdbcodbc.class 21-Aug-2002 17:28 800 Jdbcodbcboundcol.class 21-Aug-2002 17:28 1,119 Jdbcodbcboundparam.class 21-Aug-2002 17:28 848 Jdbcodbcbusyflag.class 21-Aug-2002 17:28 5,193 Jdbcodbccallablestatement.class 21-Aug-2002 17:28 8,347 Jdbcodbcconnection.class 21-Aug-2002 17:28 447 Jdbcodbcconnectioninterface.class 21-Aug-2002 17:28 28,036 Jdbcodbcdatabasemetadata.class 21-Aug-2002 17:28 710 Jdbcodbcdecimal.class 21-Aug-2002 17:28 6,096 Jdbcodbcdriver.class 21-Aug-2002 17:28 308 Jdbcodbcdriverattribute.class 21-Aug-2002 17:28 415 Jdbcodbcdriverinterface.class 21-Aug-2002 17:28 2,990 Jdbcodbcinputstream.class 21-Aug-2002 17:28 611 Jdbcodbclimits.class 21-Aug-2002 17:28 2,339 Jdbcodbcobject.class 21-Aug-2002 17:28 8,063 Jdbcodbcpreparedstatement.class 21-Aug-2002 17:28 912 Jdbcodbcpseudocol.class 21-Aug-2002 17:28 12,865 Jdbcodbcresultset.class 21-Aug-2002 17:28 615 Jdbcodbcresultsetinterface.class 21-Aug-2002 17:28 5,503 Jdbcodbcresultsetmetadata.class 21-Aug-2002 17:28 523 Jdbcodbcsqlwarning.class 21-Aug-2002 17:28 6,116 Jdbcodbcstatement.class 21-Aug-2002 17:28 1,451 Jdbcodbctimestamp.class 21-Aug-2002 17:28 566 Jdbcodbctypeinfo.class 21-Aug-2002 17:28 13,595 Odbcdef.class 28-Jul-1997 13:15 247 Accessdeniedexception.class 28-Jul-1997 13:15 243 Conversionexception.class 28-Jul-1997 13:15 1,033 Datasource.class 28-Jul-1997 13:15 746 Datasourcelistener.class 28-Jul-1997 13:15 253 Illegalargumentexception.class 28-Jul-1997 13:15 251 Notimplementedexception.class 28-Jul-1997 13:15 1,736 Oledbsimpleprovider.class 28-Jul-1997 13:15 1,123 Oledbsimpleproviderlistener.class 28-Jul-1997 13:15 384 Ospcomp.class 28-Jul-1997 13:15 261 Ospexception.class 28-Jul-1997 13:15 264 Ospfind.class 28-Jul-1997 13:15 304 Ospformat.class 28-Jul-1997 13:15 912 Ospmrshl.class 28-Jul-1997 13:15 286 Osprw.class 28-Jul-1997 13:15 260 Ospxfer.class 28-Jul-1997 13:15 368 __MIDL___MIDL_ITF_SIMPDATA_0000_0001.CLASS
STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft VM.
MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web sites:
Additional query words: security_patch
Keywords: kbqfe kbbug kbfix kbsecbulletin kbsecurity kbsecvulnerability KB329077