FIX: Security Issue Allows Access to Files on User's Computer

Article translations Article translations
Article ID: 277014 - View products that this article applies to.
This article was previously published under Q277014
Notice
The Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
http://www.microsoft.com/mscorp/java/default.mspx
http://support.microsoft.com/gp/lifean12
Expand all | Collapse all

SYMPTOMS

The Microsoft virtual machine (Microsoft VM) includes a security vulnerability that could enable a malicious Web site operator to access the files on a user's computer and, if the user is part of an intranet, to read Web content within that intranet.

This affects the following builds of the Microsoft VM:
  • All builds in the 3000 series.

CAUSE

The Microsoft VM allows archive files (CAB or JAR files) that are used in a Java-based <OBJECT> tag and referenced by the CABBASE, CABINETS, or ARCHIVE parameters to come from locations other than the codebase.

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This bug was corrected in the Microsoft VM build 3319.

REFERENCES

For more information, please see Microsoft Security Bulletin MS00-081 at the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS00-081.mspx
For additional security-related information about Microsoft products, please refer to the following Microsoft Web site:
http://www.microsoft.com/technet/security/
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
http://www.microsoft.com/java

Properties

Article ID: 277014 - Last Review: June 30, 2009 - Revision: 5.0
APPLIES TO
  • Microsoft Java Virtual Machine
Keywords: 
kbbug kbfix kbjava kbjavavm33xxfix kbsechack kbsecurity kbsecvulnerability KB277014

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com