The Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
The Microsoft virtual machine (Microsoft VM) is a virtual machine for the Win32 environment. The Microsoft VM is included in most versions of Windows and in most versions of Microsoft Internet Explorer.

A new version of the Microsoft VM is available that includes all previously released fixes for the Microsoft VM and fixes for eight newly reported security issues. The attack vector for all the new issues is most likely the same: an attacker creates a Web page that, when opened, exploits the particular vulnerability, and then either hosts that page on a Web site or sends it to a user as an HTML mail message.
The newly reported security issues are:

- A security vulnerability through which an untrusted Java applet can access Component Object Model (COM) objects.
  By design, COM objects expose functionality and therefore should be available only to trusted Java programs. Some COM objects provide functionality through which an attacker may be able to take control of the system.

- A pair of vulnerabilities that can disguise the actual location referred to by an applet's codebase attribute.
  Although the two vulnerabilities have different underlying causes, they have the same potential effect. By design, a Java applet that resides on user storage or on a network share has read access to the folder that it resides in and to all folders below it. These vulnerabilities provide methods by which an applet that is located on a Web site can misrepresent its location in its codebase attribute, so that the applet appears to reside on the user's local system or on a network share instead of in its actual location.

- A vulnerability that can permit an attacker to construct a URL that, when parsed, loads a Java applet from one Web site but misrepresents it as belonging to another Web site.
  This vulnerability permits the attacker's applet to run in the other site's domain. Any information that the user provides to this applet can be relayed back to the attacker.

- A vulnerability that permits an applet to modify database contents.
  This vulnerability occurs because the Microsoft VM does not prevent applets from calling the JDBC APIs, a set of APIs that provide database access methods. By design, these APIs provide functionality to add, change, delete, and modify database contents, and they are subject only to the user's permissions.

- A vulnerability through which an attacker can temporarily prevent specified Java objects from being loaded and run.
  The Standard Security Manager, an earlier security mechanism, permits a user to impose restrictions on Java applets, including preventing them from running at all. However, the Microsoft VM does not adequately control access to the Standard Security Manager, so an attacker's applet can add other Java objects to the "banned" list.

- A vulnerability through which an attacker can learn a user's user name on the user's local computer.
  This vulnerability occurs because the user.dir system property is available to untrusted applets. Although knowing a user name does not in itself pose a security risk, an attacker may find this information useful for reconnaissance purposes.

- A vulnerability that occurs because a Java applet may perform an incomplete instantiation of another Java object.
  This causes the containing program (Internet Explorer) to fail.
To determine the Microsoft VM build number on a computer that is running Windows 98, Windows 98 Second Edition (SE), or Windows Millennium Edition, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type command, and then click OK.
3. At the command prompt, type jview, and then press ENTER. The version information appears on the first line as "Version n.nn.nnnn", where the last four digits (nnnn) are the build number. For example, 5.00.3802 is Microsoft VM build 3802.
To determine the Microsoft VM build number on a computer that is running Windows NT 4.0, Windows 2000, or Windows XP, follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type jview, and then press ENTER. The version information appears on the first line as "Version n.nn.nnnn", where the last four digits (nnnn) are the build number. For example, 5.00.3802 is Microsoft VM build 3802.
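The manual check above scales poorly across many computers. The following script is an added example (not part of this article) that parses the "Version n.nn.nnnn" line jview prints and compares the build against a minimum build you supply; the article does not state which build contains these fixes, so the minimum is a parameter, and the sample jview banner is constructed for the test.

```python
import re
import subprocess

# jview prints its version on the first line as "Version n.nn.nnnn";
# the last four digits are the build number (e.g. 5.00.3802 -> build 3802).
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\.(\d{4})")

# Constructed sample of a jview banner, used for offline testing.
SAMPLE_OUTPUT = (
    "Microsoft (R) Command-line Loader for Java Version 5.00.3802\n"
    "Copyright (C) Microsoft Corp 1996-2000. All rights reserved.\n"
)


def parse_build(jview_output):
    """Return the build number from the first line of jview output, or None."""
    text = jview_output.strip()
    if not text:
        return None
    first_line = text.splitlines()[0]
    match = VERSION_RE.search(first_line)
    return int(match.group(3)) if match else None


def check_build(jview_output, minimum_build):
    """Classify a computer as 'ok', 'outdated', or 'unknown'.

    'unknown' covers the case where jview is missing or prints something
    that does not match the expected version line; treat it as needing
    manual follow-up rather than silently passing it.
    """
    build = parse_build(jview_output)
    if build is None:
        return "unknown"
    return "ok" if build >= minimum_build else "outdated"


def query_local_vm(timeout=10):
    """Run jview on this computer and return its combined output, or None."""
    try:
        proc = subprocess.run(["jview"], capture_output=True, text=True, timeout=timeout)
    except (FileNotFoundError, OSError, subprocess.TimeoutExpired):
        return None
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    # MINIMUM_BUILD is a placeholder; use the build number of the update you deploy.
    MINIMUM_BUILD = 3802
    output = query_local_vm()
    print("unknown" if output is None else check_build(output, MINIMUM_BUILD))
```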
For more information about this vulnerability, visit the
following Microsoft Web site: