Vulnerability Note VU#447569

Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code

Overview

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet.

I. Description

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder could run arbitrary code on the victim's machine. For more information, please see Microsoft Security Bulletin MS03-011.

II. Impact

After convincing a victim to download and run a malicious Java applet, an intruder could run arbitrary code with the privileges of the victim.

III. Solution

Apply a patch as described in Microsoft Security Bulletin MS03-011.

In addition to applying the patch, we strongly recommend the security updates to Microsoft Outlook as described in http://office.microsoft.com/Downloads/2000/Out2ksec.aspx.

Systems Affected

No Information Available

References

Credit

Thanks to Microsoft for reporting and correcting this vulnerability.

This document was written by Shawn V Hernan based on information provided by Microsoft in Microsoft Security Bulletin MS03-011.

Other Information

Date Public:	2003-04-09
Date First Published:	2003-04-10
Date Last Updated:	2003-04-10
CERT Advisory:
CVE-ID(s):	CAN-2003-0111
NVD-ID(s):	CAN-2003-0111
US-CERT Technical Alerts:
Metric:	2.25
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader