Microsoft Patches Critical Virtual Machine Flaw

 
 
By Dennis Fisher  |  Posted 2003-04-09 Email Print this article Print
 
 
 
 
 
 
 

Flaw allows attackers to run code on vulnerable computers.

Microsoft Corp. on Wednesday released a patch for a critical new flaw in its Virtual Machine Java implementation that gives an attacker the ability to run code on a vulnerable computer. The Virtual Machine is included in nearly every version of Windows as well as in most version of Internet Explorer. The vulnerability is in the ByteCode Verifier component of the VM, which is part of the class-verification process. The component does not correctly check for the presence of some malicious code as Java applets are loaded.
The most likely way for an attacker to exploit this flaw is by creating a malicious Java applet, embedding it in a Web page and then either enticing a user to visit the page or e-mailing the page to the user.
The patch for this vulnerability is available here.


 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel