Suggest A Fix PC Support Forums > MS Alert: Java Virtual Machine bypasses security

Full Version: MS Alert: Java Virtual Machine bypasses security

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Nov 27 2002, 07:58 PM

Last Stage of Delirium reported a vulnerability in Microsoft's Java Virtual Machine that may allow a remote user to execute arbitrary code on a victim's computer with the privileges of the target user. This flaw is in the Microsoft VM component of IE, a separate component.

The flaw is in the protection of Class Loader objects provided in VM. A remote user can create a fully functioning instance of a Class Loader object from the untrusted code of a remote user's malicious applet.

There was no solution available from Microsoft at this time.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.