Article ID: 275609 - View products that this article applies to.
This article was previously published under Q275609
NoticeThe Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that may allow script code in a Web page or HTML-based e-mail message access to ActiveX controls that should not be available in those contexts. This vulnerability can give malicious script code access to any ActiveX controls that are installed on the visiting user's computer. The ActiveX controls could then give the malicious script complete control over the visiting user's computer, including the ability to read and write files on the local hard drive.
This affects the following builds of the Microsoft VM:
The vulnerability is caused by a flaw in a security check that is intended to prevent the com.ms.activeX.ActiveXComponent system class from being used as an applet. This system class, which is provided with the Microsoft VM, is intended for use only in applications or by signed and trusted applets.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
For more information, please see Microsoft Security Bulletin MS00-075 at the following Microsoft Web site:
For additional security-related information about Microsoft products, please refer to the following Microsoft Web site:
http://www.microsoft.com/technet/security/For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
Article ID: 275609 - Last Review: June 30, 2009 - Revision: 7.0