A flaw in the Microsoft virtual machine (Microsoft VM) could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition.
The Microsoft virtual machine (Microsoft VM) enables Java programs to run on Windows platforms. The Microsoft VM is included in most versions of Windows and Internet Explorer.
The Standard Security Manager is a component of the VM’s security policy mechanism, and provides information about the restrictions that should be enforced when Java applets run within Internet Explorer. Among the information it can contain is a list of Java applets and modules that Java applets should not be able to invoke.
Exploitation of this vulnerability could result in a denial-of-service condition since a malicious program or applet may list other, legitimate programs or applets to the "banned" list in the Standard Security Manager. A malicious Java program that was designed to exploit this vulnerability could be hosted on an attacker's web page or introduced via HTML email.
Apply a patch from the vendor
Thanks to Jouko Pynnonen for reporting this vulnerability.
This document was written by Chad R Dougherty.
|Date First Published:||2003-01-21|
|Date Last Updated:||2003-01-21 21:42 UTC|