System Compromise Vulnerability in Microsoft Virtual Machine

Reported April 9, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Virtual Machine 5.0.3809 and earlier

 

DESCRIPTION

 

A vulnerability in Microsoft Virtual Machine can result in the execution of code on the vulnerable system under the user’s security context. This vulnerability occurs because the ByteCode verifier doesn't correctly check for the presence of certain malicious code during the loading of a Java applet. To exploit this vulnerability, an attacker can create a malicious Java applet and insert it into a Web page.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-011, "Flaw in Microsoft VM Could Enable System Compromise (816093)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT          

Discovered by Microsoft.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish