Article ID: 244283 - Last Review: June 30, 2009 - Revision: 7.0

MS99-045: Bypassing Java Sandbox with Program Results in VM Security Vulnerability

View products that this article applies to.
This article was previously published under Q244283
Notice
The Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
http://www.microsoft.com/mscorp/java/default.mspx (http://www.microsoft.com/mscorp/java/default.mspx)
http://support.microsoft.com/gp/lifean12 (http://support.microsoft.com/gp/lifean12)
Expand all | Collapse all

SYMPTOMS

When you manually construct a Java program by using a Java bytecodes assembler to operate outside the bounds that are set by the sandbox (the security scheme for Java programs), it may be possible for the program to exploit a security vulnerability in the Microsoft virtual machine (Microsoft VM).

If the program is hosted on a Web site, it may be possible to run a program or perform certain tasks on the computer of a visiting user that the user does not authorize. This may include the following tasks:
  • Create a file.
  • Delete a file.
  • Modify a file.
  • Send data to a Web site.
  • Receive data from a Web site.
  • Reformat the hard disk.
Back to the top

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine.
Back to the top

MORE INFORMATION

For more information about this vulnerability, refer to the following Microsoft Web sites:
http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx (http://www.microsoft.com/technet/security/bulletin/ms02-013.mspx)

http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx (http://www.microsoft.com/technet/security/bulletin/ms99-045.mspx)
For additional information about the Microsoft virtual machine, click the article number below to view the article in the Microsoft Knowledge Base:
169803  (http://support.microsoft.com/kb/169803/EN-US/ ) INFO: Historical List of Shipping Vehicles for Microsoft VM
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
http://www.microsoft.com/java (http://www.microsoft.com/java)
Back to the top
APPLIES TO
  • Microsoft Java Virtual Machine, when used with:
    • the operating system: Microsoft Windows XP
    • Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 2000
    • Microsoft Windows NT 4.0
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
    • Microsoft Windows 95
Back to the top
Keywords: 
kbbug kbfix kbsecurity kbsecvulnerability KB244283
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations