Flaw in Microsoft VM Could Enable System Compromise

From: K-Otik.com (contrib@K-Otik.com)
Date: 04/10/03

    Date: 10 Apr 2003 18:48:21 -0000
    From: K-Otik.com <contrib@K-Otik.com>
    To: bugtraq@securityfocus.com
    
    

    TITLE : Microsoft Virtual Machine Bytecode Verifier Vulnerability
    CRITICAL : Highly critical
    IMPACT : System access
    OPERATING SYSTEM:

    Microsoft Windows 95
    Microsoft Windows 98 and 98SE
    Microsoft Windows Millennium
    Microsoft Windows NT 4.0, beginning with Service Pack 1
    Microsoft Windows 2000
    Microsoft Windows XP

    DESCRIPTION:
    -----------
    A vulnerability identified in Microsoft VM (Virtual Machine) shipped
    with almost all versions of Windows (except some versions of Windows
    XP) can be exploited by malicious people to compromise a user's
    system.

    The vulnerability is caused by an input validation error in the
    ByteCode Verifier, since it doesn't check for certain malicious
    sequences of byte codes when loading Java applets. This can be
    exploited by crafting a special Java applet and including it in a
    web page, which can either be hosted on a website or sent directly
    to a user in an email.

    When a user on a vulnerable system views the malicious web page, the
    Java applet will be able to execute arbitrary code on the user's
    system with the user's privileges.

    In the email scenario, the vulnerability can be exploited
    automatically to execute arbitrary code on the user's system when the
    malicious email is viewed. However, this is not possible if the user
    is viewing the malicious email in Outlook Express 6.0 or Outlook 2002
    in their default configurations, or Outlook 98 or Outlook 2000 in
    conjunction with the Outlook Email Security Update.

    To check the version number of the installed Microsoft VM:
    1) Type "Jview" at the command line.
    2) Look at the four last digits of the version number at the topmost
    line.

    SOLUTION:
    --------
    Update Microsoft VM to version 3810 or later.

    http://www.microsoft.com/technet/security/bulletin/MS03-011.asp
    http://windowsupdate.microsoft.com/
    http://www.k-otik.com

    -----------------------------------------------------------------------
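The version check described above, applied to collected `Jview` output from several machines; this is an added example, not part of the K-Otik advisory. The host names and banner text are constructed samples, and the banner layout (a dotted version whose last group is the four-digit build) is an assumption.

```python
import re

FIXED_BUILD = 3810  # advisory: "Update Microsoft VM to version 3810 or later"

# Assumed banner layout: "... Version 5.00.3805"; the last dotted group is
# the four-digit build number the advisory tells you to read.
_VERSION_RE = re.compile(r"Version\s+\d+(?:\.\d+)*\.(\d{4})\b", re.IGNORECASE)


def vm_build(jview_output):
    """Return the build from the topmost non-empty line, or None if absent."""
    for line in jview_output.splitlines():
        if not line.strip():
            continue
        match = _VERSION_RE.search(line)
        # Only the topmost line counts; later lines (copyright years, usage
        # text) may contain four-digit numbers that are not the build.
        return int(match.group(1)) if match else None
    return None


def classify(jview_output):
    """Map raw Jview output to 'patched', 'vulnerable' or 'unknown'."""
    build = vm_build(jview_output)
    if build is None:
        return "unknown"  # Jview missing or banner unreadable: check by hand
    return "patched" if build >= FIXED_BUILD else "vulnerable"


def triage(outputs_by_host):
    """Classify every host in a {hostname: Jview output} mapping."""
    return {host: classify(text) for host, text in outputs_by_host.items()}


# Constructed sample data (hypothetical hosts, illustrative banners).
SAMPLE_OUTPUTS = {
    "ws-01": "Microsoft (R) Command-line Loader for Java  Version 5.00.3805\n"
             "Copyright (C) Microsoft Corp 1996-2000. All rights reserved.\n",
    "ws-02": "\nMicrosoft (R) Command-line Loader for Java  Version 5.00.3810\n",
    "ws-03": "'jview' is not recognized as an internal or external command,\n"
             "operable program or batch file.\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_OUTPUTS).items()):
        print(f"{host}: {status}")
```

A host reported as "unknown" has not been shown to be safe; it only means the build number could not be read from the first line of output.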

