FIX: Microsoft VM applet vulnerability (271752)


The information in this article applies to:

  • Microsoft virtual machine
This article was previously published under Q271752

SYMPTOMS

The Microsoft virtual machine (Microsoft VM) includes a vulnerability that could enable a malicious user to use an unsigned applet to read Web content behind a firewall. To exploit this vulnerability, the malicious user would have to know the exact URLs of the sites.

This affects the following builds of the Microsoft VM:
  • All builds in the 2000 series.
  • All builds in the 3100 series.
  • All builds in the 3200 series.
  • All builds in the 3300 series.

RESOLUTION

To resolve this potential problem, install the latest version of the Microsoft VM as specified in this section. For more information, visit the following Microsoft Web site:

http://www.microsoft.com/mscorp/java/

Warning After you install the updated Microsoft VM, you cannot uninstall it.
  • 2000-series Microsoft VM customers
    Upgrade to build 2446 or later.
  • 3100-series Microsoft VM customers
    Upgrade to build 3316 or later.
  • 3200-series Microsoft VM customers
    Upgrade to build 3316 or later.
  • 3300-series Microsoft VM customers
    Upgrade to build 3316 or later.
You can perform the following steps to determine the build number of your Microsoft VM:
  1. Open a Command window:
    • On Microsoft Windows 2000 and Microsoft Windows NT, click Start, click Run, type cmd, and then click OK.
    • On Microsoft Windows 95 or Microsoft Windows 98, click Start, click Run, type command, and then click OK.
  2. At the Command prompt, type jview and then press ENTER. The version information is at the right of the topmost line. It appears in the format "5.00.xxxx", where "xxxx" is the build number. For example, if the version number is 5.00.1234, the build number is 1234.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was corrected in recent patches for the Microsoft VM.

See the "Resolution" section of this article for more information about the fixes.

REFERENCES

For more information, please see Microsoft Security Bulletin MS00-059:

http://www.microsoft.com/technet/security/bulletin/ms00-059.asp

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

253562 FIX: Untrusted code can access files on end-user systems

For additional security-related information about Microsoft products, please refer to the following Microsoft Web site:

http://www.microsoft.com/technet/security/

For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:

http://www.microsoft.com/java

Modification Type:MajorLast Reviewed:6/14/2006
Keywords:kbBug kbfix kbJavaVM33xxfix KbSECBulletin kbSecurity KbSECVulnerability KB271752
©2004 Microsoft Corporation. All rights reserved.