SecurityTracker.com
Category:   OS (Microsoft)  >   Microsoft Virtual Machine (VM)
Vendors:   Microsoft
Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets Malicious Java Applets Execute Arbitrary Code
SecurityTracker Alert ID:  1006532
SecurityTracker URL:  http://securitytracker.com/id/1006532
CVE Reference:   CVE-2003-0111
Date:  Apr 9 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Microsoft Windows 95, 98, 98SE, Me, NT 4.0, 2000, and XP; VM Build 5.0.3809 and prior
Description:   An input validation vulnerability was reported in the Microsoft Virtual Machine (VM), a component of nearly all Microsoft operating system distributions. A remote user could execute arbitrary code on a target user's computer.

The ByteCode Verifier reportedly does not properly check for certain malicious code when a Java applet is loaded. A remote user could create a malicious Java applet that, when loaded on a target user's computer, would cause arbitrary code to be executed on that computer with the privileges of the target user.

According to the report, certain sequences of malicious byte codes are not detected by the ByteCode Verifier when Java code is first loaded. This reportedly allows the byte code to bypass subsequent security checks and execute arbitrary code on the operating system.

Microsoft indicates that you can determine the version that you are using by executing the 'Jview' application from a command prompt and viewing the version number on the top line of the resulting display (in the format of: x.yy.zzzz). Versions prior to Build 3810 are affected.
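The version check described above can be scripted across many hosts. The following is an added example, not part of the advisory or of any Microsoft tooling. It assumes the top line of each host's 'Jview' output has already been captured as text, that the x.yy.zzzz fields order as a (major, minor, build) tuple, and it uses constructed banner strings and host names.

```python
import re

# First fixed build per the advisory: builds prior to 3810
# (VM build 5.0.3809 and earlier) are affected.
FIRST_FIXED = (5, 0, 3810)

# x.yy.zzzz as described in the advisory. The build field is allowed
# 3 to 5 digits so short or longer build numbers still parse.
VERSION_RE = re.compile(r"\b(\d{1,2})\.(\d{1,2})\.(\d{3,5})\b")


def parse_vm_version(banner):
    """Return (major, minor, build) from the top line of the output, or None."""
    lines = banner.strip().splitlines()
    if not lines:
        return None
    match = VERSION_RE.search(lines[0])
    return tuple(int(g) for g in match.groups()) if match else None


def classify(banner):
    """Classify one host as 'affected', 'fixed' or 'unknown'."""
    version = parse_vm_version(banner)
    if version is None:
        # No version on the top line: the tool may be missing or the capture
        # failed. Report it for follow-up instead of treating it as fixed.
        return "unknown"
    return "affected" if version < FIRST_FIXED else "fixed"


def triage(inventory):
    """Map each host name to its classification."""
    return {host: classify(banner) for host, banner in sorted(inventory.items())}


# Constructed sample data (hypothetical hosts and banner wording).
SAMPLE_INVENTORY = {
    "ws-01": "Example loader banner Version 5.00.3809\nusage: ...",
    "ws-02": "Example loader banner Version 5.00.3810\n",
    "ws-03": "Example loader banner Version 5.00.3167\n",
    "ws-04": "'jview' is not recognized as an internal or external command",
    "ws-05": "",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing version line says nothing about whether the VM is installed.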

The vendor has assigned a maximum severity rating of 'Critical' to this vulnerability.

Impact:   A remote user can create an applet that will execute arbitrary code on the target user's computer with the privileges of the target user.
Solution:   Microsoft has released a patch, available via Windows Update:

http://windowsupdate.microsoft.com

For Windows 2000 SP 2 & 3 only, the patch is also available at the following URLs:

All except Japanese NEC:

http://microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en

NEC Japanese:

http://microsoft.com/downloads/details.aspx?FamilyId=65CC342B-5139-4F81-B3A0-F3F1184CF2F6&displaylang=ja

The patch can be installed on Microsoft Windows 95, 98, 98SE, Me, NT 4.0 SP1 and later, 2000 SP2 or SP3, and XP Gold and SP1.

You can also obtain a version of the patch that can be distributed via networks. See the Microsoft Advisory for information on how to obtain the patch file from the Windows Update Catalog.

A reboot is required after installing the patch.

In the Advisory, Microsoft also describes some workaround steps if you cannot apply the patch.

This bulletin supersedes the following bulletins and patches: MS99-031, MS99-045, MS00-011, MS00-059, MS00-075, MS00-081, MS02-013, MS02-052, and MS02-069.

Microsoft plans to issue Knowledge Base article 816093 regarding this issue, to be available shortly:

http://support.microsoft.com/default.aspx?scid=kb;en-us;816093

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-011.asp
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  Flaw in Microsoft VM Could Enable System Compromise (816093)


http://www.microsoft.com/technet/security/bulletin/MS03-011.asp

Flaw in Microsoft VM Could Enable System Compromise (816093)

Maximum Severity Rating: Critical

Affected Versions:  build 5.0.3809 and prior

CVE: CAN-2003-0111

Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets 
Malicious Java Applets Execute Arbitrary Code

Microsoft issued Security Bulletin MS03-011 warning of a vulnerability 
in the Microsoft Virtual Machine (VM).

The vendor reports that the ByteCode Verifier does not properly check 
for certain malicious code when a Java applet is loaded.  A remote user 
could create a malicious Java applet that, when loaded on a target 

According to the report, certain sequences of malicious byte codes are 
not detected by the ByteCode Verifier when Java code is first loaded. 
This reportedly allows the byte code to bypass subsequent security 
checks and execute arbitrary code on the operating system.

Microsoft indicates that you can determine the version that you are 
viewing the version number on the top line of the resulting display (in 
the format of: x.yy.zzz).  Versions prior to Build 3810


Microsoft has released a patch, available via Windows Update:

http://windowsupdate.microsoft.com

For Windows 2000 SP 2 & 3 only, the patch is also available at the 
following URLs:

All except Japanese NEC:

http://microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en

NEC Japanese:

http://microsoft.com/downloads/details.aspx?FamilyId=65CC342B-5139-4F81-B3A0-F3F1184CF2F6&displaylang=ja


The patch can be installed on Microsoft Windows 95, 98, 98SE, Me, NT 4.0 
SP1 and later, 2000 SP2 or SP3, and XP Gold and SP1.

You can also obtain a version of the patch that can be distributed via 
networks.  See the Microsoft Advisory for information on how to obtain 
the patch file from the Windows Update Catalog.

A reboot is required after installing the patch.

In the Advisory, Microsoft also describes some workaround steps if you 
cannot apply the patch.

This bulletin supersedes the following bulletins and patches:  MS99-031, 
MS99-045, MS00-011, MS00-059, MS00-075, MS00-081, MS02-013, MS02-052, 
and MS02-069.

Microsoft plans to issue Knowledge Base article 816093 regarding this 
issue, to be available shortly:

http://support.microsoft.com/default.aspx?scid=kb;en-us;816093




 
 

