Reported September 18, 2002, by Microsoft.
Affected versions: Microsoft Virtual Machine (VM) up to and including build 5.0.3805
Three new vulnerabilities exist in Microsoft VM, the most serious of which can give an attacker complete control over the vulnerable system. The first vulnerability is a flaw in the way the Java Database Connectivity (JDBC) classes vet a request to load and execute a DLL on the user’s system. By malforming this request in a particular way, an attacker can spoof this check and so load and execute any DLL on the vulnerable system.
The second vulnerability also involves the JDBC classes: certain functions in these classes don’t correctly validate the handles that are provided as input. When calling these functions, an attacker can supply invalid data in lieu of an actual handle, which would cause Microsoft Internet Explorer (IE) to fail. This flaw might also let an attacker provide data that would have the effect of running code in the user’s security context on the vulnerable system.
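The handle validation that the second flaw lacks can be sketched as follows. This is an added example, not code from Microsoft VM or from the bulletin; the table layout and every name in it (handle_issue, handle_resolve, handle_release, the handle kinds) are hypothetical. Handles are opaque index-plus-generation values, so a caller-supplied integer is never used unless the table issued it, it is still live, and it has the expected kind.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical handle table; names and layout are illustrative assumptions. */
#define MAX_HANDLES 16

typedef enum { H_FREE = 0, H_CONNECTION, H_STATEMENT } handle_kind;

typedef struct {
    handle_kind kind;   /* what the slot currently holds */
    uint16_t    gen;    /* bumped on every release to catch stale handles */
    void       *object; /* native resource; never handed out as a handle */
} slot;

static slot table[MAX_HANDLES];

/* A handle is (generation << 16) | index, not a pointer. 0 is never valid. */
uint32_t handle_issue(handle_kind kind, void *object) {
    if (kind == H_FREE || object == NULL) return 0;
    for (uint32_t i = 0; i < MAX_HANDLES; i++) {
        if (table[i].kind == H_FREE) {
            table[i].kind = kind;
            table[i].object = object;
            if (table[i].gen == 0) table[i].gen = 1;
            return ((uint32_t)table[i].gen << 16) | i;
        }
    }
    return 0; /* table full */
}

/* Returns the object only if the value was issued, is still live and has
   the expected kind; any other caller-supplied integer yields NULL. */
void *handle_resolve(uint32_t h, handle_kind expected) {
    uint32_t idx = h & 0xFFFFu;
    uint16_t gen = (uint16_t)(h >> 16);
    if (idx >= MAX_HANDLES || gen == 0 || expected == H_FREE) return NULL;
    if (table[idx].kind != expected || table[idx].gen != gen) return NULL;
    return table[idx].object;
}

/* Releases a handle after the same validation; returns -1 if it is invalid. */
int handle_release(uint32_t h, handle_kind expected) {
    if (handle_resolve(h, expected) == NULL) return -1;
    slot *s = &table[h & 0xFFFFu];
    s->kind = H_FREE;
    s->object = NULL;
    s->gen = (uint16_t)(s->gen + 1);
    if (s->gen == 0) s->gen = 1; /* skip 0 so a zero handle stays invalid */
    return 0;
}
```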
The third vulnerability involves a class that provides XML support for Java applications. This class exposes several methods; some of these methods are suitable for use by any applet, while others are suitable only for use by trusted applets. However, the class doesn’t differentiate correctly between these cases, and instead makes all methods available to all applets. An attacker can misuse these methods, including to enable an applet to take almost any desired action on the vulnerable system.
The vendor, Microsoft, has released Security Bulletin MS02-052 (Flaw in Microsoft VM JDBC Classes Could Allow Code Execution) to address these vulnerabilities, and recommends that affected users apply the appropriate patch mentioned in the bulletin.
Discovered by Microsoft.