MS Java VM Exposes User Files

MS Java VM Exposes User Files
Reported Feburary 18, 2000 by Hideo Nakamura

VERSIONS AFFECTED

Microsoft Java VM, all builds in the 2000,3100,and 3200 series

DESCRIPTION

According to Microsoft"s bulletin, "The version of the Microsoft VM that ships with Microsoft Internet Explorer \[IE\] 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. The malicious user would need to know the exactly path and filename of the files he wished to read."

Keep in mind that Microsoft"s Java VM ships with other products as well. So even if you do not have IE installed you may in fact have the Java VM installed anyway.

VENDOR RESPONSE

Microsoft has issued a new Java VMs as well as a FAQ regarding this matter. No Support Online article was available at the time of this writing.

New versions of the Microsoft VM that include a fix for the vulnerability can be downloaded from the following locations:

2000 series builds (IE4.x): http://www.microsoft.com/java/vm/dl_vmsp2.htm
3100 series builds (IE5.0): http://www.microsoft.com/java/vm/dl_vm32.htm
3200 series builds (IE5.01): http://www.microsoft.com/java/vm/dl_vm40.htm

CREDITS
Discovered by Hideo Nakamura

Comments

Plain text