Vulnerability Note VU#447569

Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code

Original Release date: 10 Apr 2003 | Last revised: 10 Apr 2003

Overview

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet.

Description

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder could run arbitrary code on the victim's machine. For more information, please see Microsoft Security Bulletin MS03-011.

Impact

After convincing a victim to download and run a malicious Java applet, an intruder could run arbitrary code with the privileges of the victim.

Solution

Apply a patch as described in Microsoft Security Bulletin MS03-011.

In addition to applying the patch, we strongly recommend installing the security updates to Microsoft Outlook described at http://office.microsoft.com/Downloads/2000/Out2ksec.aspx.

Systems Affected

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A     N/A

Credit

Thanks to Microsoft for reporting and correcting this vulnerability.

This document was written by Shawn V Hernan based on information provided by Microsoft in Microsoft Security Bulletin MS03-011.

Other Information

  • CVE IDs: CAN-2003-0111
  • Date Public: 09 Apr 2003
  • Date First Published: 10 Apr 2003
  • Date Last Updated: 10 Apr 2003
  • Severity Metric: 2.25
  • Document Revision: 9
