Information Disclosure Vulnerability in Microsoft Virtual Machine

Reported March 4, 2002, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Virtual Machine

DESCRIPTION
A vulnerability exists in Microsoft Virtual Machine build 3802 and earlier that can result in disclosing unauthorized information. As a result of a problem in the Virtual Machine, an attacker can use a malicious Java applet to redirect Web traffic, once the java applet has a proxy server, to a destination of the attacker’s choice. An intruder can use this vulnerability to send an authorized user’s Internet session to a system of the intruder's own control without the user’s knowledge.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-013, which addresses this vulnerability, and recommends that affected users immediately upgrade to build 3805 or later.

CREDIT
Discovered by Harmen van der Wal.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish