Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
BID:1812
Info
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
| Bugtraq ID: | 1812 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 18 2000 12:00AM |
| Updated: | Oct 18 2000 12:00AM |
| Credit: | Posted to Bugtraq on October 18, 2000 by Georgi Guninski <[email protected]>. |
| Vulnerable: |
Microsoft Virtual Machine 3000 Series Microsoft Virtual Machine 2000 Series |
| Not Vulnerable: | |
Discussion
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victim(s) via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an <OBJECT> tag in conjunction with a jar file when using Microsoft Internet Explorer or Outlook/Outlook Express. This allows for the possibility of any known file to be read by a remote attacker.
An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victim(s) via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an <OBJECT> tag in conjunction with a jar file when using Microsoft Internet Explorer or Outlook/Outlook Express. This allows for the possibility of any known file to be read by a remote attacker.
Exploit / POC
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
Georgi Guninski <[email protected]> has set up a demonstration page that will display the contents of C:\ and C:\text.txt.
http://www.guninski.com/javacodebase1.html
Georgi Guninski <[email protected]> has set up a demonstration page that will display the contents of C:\ and C:\text.txt.
http://www.guninski.com/javacodebase1.html
Solution / Fix
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
Solution:
Microsoft has released patches which eliminate this vulnerability. Microsoft has provided the following instructions in order to determine the version of Virtual Machine you are running:
Open a command window:
1) Windows NT or Windows 2000, choose "Start", then "Run", then type "CMD" and hit the enter key.
2) On Windows 95, 98, or Windows Me choose "Start", then "Run" then type "COMMAND" and hit the enter key.
3) At the command prompt, type "JVIEW" and hit the enter key.
4) The version information will be at the right of the topmost line. It will have a format like "5.00.xxxx", where the "xxxx" is the build number. For example, if the version number is 5.00.1234, you have build number 1234.
Microsoft Virtual Machine 2000 Series
Microsoft Virtual Machine 3000 Series
Solution:
Microsoft has released patches which eliminate this vulnerability. Microsoft has provided the following instructions in order to determine the version of Virtual Machine you are running:
Open a command window:
1) Windows NT or Windows 2000, choose "Start", then "Run", then type "CMD" and hit the enter key.
2) On Windows 95, 98, or Windows Me choose "Start", then "Run" then type "COMMAND" and hit the enter key.
3) At the command prompt, type "JVIEW" and hit the enter key.
4) The version information will be at the right of the topmost line. It will have a format like "5.00.xxxx", where the "xxxx" is the build number. For example, if the version number is 5.00.1234, you have build number 1234.
Microsoft Virtual Machine 2000 Series
-
Microsoft Q275609
Upgrade to build 3319 or later.
http://www.microsoft.com/java/vm/dl_vm40.htm
Microsoft Virtual Machine 3000 Series
-
Microsoft Q275609
Upgrade to build 3319 or later.
http://www.microsoft.com/java/vm/dl_vm40.htm
References
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
References:
References: