Article ID: 240346 - Last Review: June 30, 2009 - Revision: 5.0 Malicious Java Applet May Be Able to Read, Write, or Delete Files on the Computer of a Web Site VisitorThis article was previously published under Q240346 NoticeThe Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:http://www.microsoft.com/mscorp/java/default.mspx
(http://www.microsoft.com/mscorp/java/default.mspx)
http://support.microsoft.com/gp/lifean12 (http://support.microsoft.com/gp/lifean12) SYMPTOMS
A scenario has been identified through which a Java applet can operate outside the bounds set by the sandbox and perform normally unauthorized functions on your computer. Exploiting the vulnerability is only possible through a very carefully managed series of steps, and cannot happen accidentally. However, if a malicious Web site operator hosts a Java applet that exploits this security vulnerability, it could read, write, or delete files on your computer when you visit the site.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
This problem has been corrected in build 3234 of the Microsoft Virtual Machine (VM) that is included with Internet Explorer version 5.01. NOTE: JVIEW in Windows 2000 displays the build number as 3229. MORE INFORMATION
For more information, please see the following Microsoft Security Bulletin:
http://www.microsoft.com/security/bulletins/ms99-031faq.asp
(http://www.microsoft.com/security/bulletins/ms99-031faq.asp)
For additional security-related information about Microsoft products, please go to:
http://www.microsoft.com/security/
(http://www.microsoft.com/security/)
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
