Flaw in Microsoft VM Could Enable System Compromise

By Thomas McGuire on April 9, 2003, 4:50 PM
The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, & results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet & inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.

Affected Software:
Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to & including build 5.0.3809 are affected by these vulnerabilities.

Download Update Now




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.