Reported April 9, 2003, by Microsoft.
· Microsoft Virtual Machine 5.0.3809 and earlier
A vulnerability in Microsoft Virtual Machine can result in the execution of code on the vulnerable system under the user’s security context. This vulnerability occurs because the ByteCode verifier doesn't correctly check for the presence of certain malicious code during the loading of a Java applet. To exploit this vulnerability, an attacker can create a malicious Java applet and insert it into a Web page.
Microsoft has released Security Bulletin MS03-011, "Flaw in Microsoft VM Could Enable System Compromise (816093)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
Discovered by Microsoft.