MS99-045: Bypassing Java Sandbox with Program Results in VM Security Vulnerability

Article translations Article translations
Article ID: 244283 - View products that this article applies to.
This article was previously published under Q244283
Notice
The Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
http://www.microsoft.com/mscorp/java/default.mspx
http://support.microsoft.com/gp/lifean12
Expand all | Collapse all

SYMPTOMS

When you manually construct a Java program by using a Java bytecodes assembler to operate outside the bounds that are set by the sandbox (the security scheme for Java programs), it may be possible for the program to exploit a security vulnerability in the Microsoft virtual machine (Microsoft VM).

If the program is hosted on a Web site, it may be possible to run a program or perform certain tasks on the computer of a visiting user that the user does not authorize. This may include the following tasks:
  • Create a file.
  • Delete a file.
  • Modify a file.
  • Send data to a Web site.
  • Receive data from a Web site.
  • Reformat the hard disk.

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine.

MORE INFORMATION

For more information about this vulnerability, refer to the following Microsoft Web sites:
http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx

http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx
For additional information about the Microsoft virtual machine, click the article number below to view the article in the Microsoft Knowledge Base:
169803 INFO: Historical List of Shipping Vehicles for Microsoft VM
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
http://www.microsoft.com/java

Properties

Article ID: 244283 - Last Review: June 30, 2009 - Revision: 7.0
APPLIES TO
  • Microsoft Java Virtual Machine, when used with:
    • the operating system: Microsoft Windows XP
    • Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 2000
    • Microsoft Windows NT 4.0
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
    • Microsoft Windows 95
Keywords: 
kbbug kbfix kbsecurity kbsecvulnerability KB244283

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com