Reported March 4, 2002, by Microsoft.
VERSIONS AFFECTED
- Microsoft Virtual Machine
DESCRIPTION
A vulnerability exists in Microsoft Virtual Machine build 3802 and earlier that
can result in disclosing unauthorized information. As
a result of a problem in the Virtual Machine, an attacker can use a malicious
Java applet to redirect Web traffic, once the java applet has a proxy server, to
a destination of the attacker’s choice. An intruder can use this vulnerability
to send an authorized user’s Internet session to a system of the intruder's
own control without the user’s knowledge.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-013, which addresses this vulnerability, and recommends that affected users immediately upgrade to build 3805 or later.
CREDIT
Discovered by Harmen
van der Wal.