Microsoft Virtual Machine ActiveX Component Can Be Exploited

Microsoft has released a security bulletin and patch addressing an issue with VM that could allow a malicious user to perform any function desired on a machine that is visiting the malicous web site.

Steve Manzuik

October 11, 2000

1 Min Read
ITPro Today logo

Reported October 12, 2000 by Microsoft

VERSIONS AFFECTED

DESCRIPTIONVirtual Machine ActiveX Component can be Exploited

DEMONSTRATION

No demonstration is available.  But, a malicious user could exploit this vulnerability to take any desired action on users PCs if they visit the malicious web site.

VENDOR RESPONSE

Microsoft has released a security advisory, MS00-075 and multiple patches are available depending on the build number.

2000-series Microsoft VM customers will be provided with an update

soon.

3100-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

3200-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

3300-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

CREDITDiscovered by Microsoft

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like