105 matches found
Microsoft Virtual PC Services Insecure Temporary File Creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Virtual PC Services Insecure Temporary File Creation Release Date: 02/10/2004 Application: Connectix Virtual PC 6.0.x Microsoft Virtual PC 6.1 Platform: Mac OS X Severity: Local privilege...
Microsoft Security Bulletin MS04-005
Microsoft Security Bulletin MS04-005 Vulnerability in Virtual PC for Mac could lead to privilege elevation 835150 Issued: February 10, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Virtual PC for Mac Impact of vulnerability: Elevation of Privilege...
Microsoft Virtual PC For Mac Temporary File Privilege Escalation Vulnerability
Description Microsoft has reported an issue in Virtual PC for Mac that may permit a local attacker to gain elevated privileges on a system hosting the software. This is due to insecure handling of temporary files by the setuid root VirtualPCServices binary, potentially permitting a malicious loca...
CVE-2003-0111
The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....
CVE-2003-0111
The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....
Flaw in Microsoft VM Could Enable System Compromise
TITLE : Microsoft Virtual Machine Bytecode Verifier Vulnerability CRITICAL : Highly critical IMPACT : System access OPERATING SYSTEM: Microsoft Windows 95 Microsoft Windows 98 and 98SE Microsoft Windows Millennium Microsoft Windows NT 4.0, beginning with Service Pack 1 Microsoft Windows 2000...
Microsoft Virtual Machine incorrectly parses the domain portion of URLs containing a colon
Overview Some versions of the Microsoft virtual machine Microsoft VM contain a flaw that could allow untrusted Java applets from an attacker's site to be run instead of the trusted applet from the intended site. Description The Microsoft virtual machine Microsoft VM enables Java programs to run o...
Microsoft Virtual Machine allows applets write access to the Standard Security Manager
Overview A flaw in the Microsoft virtual machine Microsoft VM could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition. Description The Microsoft virtual machine Microsoft VM enables Java programs to run on Windows platforms. T...
Microsoft Virtual Machine allows untrusted applets to access the user.dir system property
Overview Some versions of the Microsoft virtual machine Microsoft VM contain a flaw that could leak information about the user's system. This flaw could allow malicious Java applets to get information they would normally be denied access to. Description The Microsoft virtual machine Microsoft VM...
CVE-2002-1257
Microsoft Virtual Machine VM up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM Component Object Model objects in a web site or an HTML mail...
CVE-2002-1325
Microsoft Virtual Machine VM build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."...
CVE-2002-1260
The Java Database Connectivity JDBC APIs in Microsoft Virtual Machine VM 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet...
CVE-2002-1258
Two vulnerabilities in Microsoft Virtual Machine VM up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error...
CVE-2002-1258
Two vulnerabilities in Microsoft Virtual Machine VM up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error...
CVE-2002-1258
CVE-2002-1258 affects Microsoft Virtual Machine (VM) up to build 5.0.3805, as used in Internet Explorer and other applications. The vulnerability allows remote attackers to read files via a Java applet whose CODEBASE parameter in the APPLET tag is spoofed, likely due to a parsing error. Documents...
Multiple bugs in Microsoft Virtual Java Machine
Amongg others there are bugs allowing file access on client computer...
CVE-2002-0867
Microsoft Virtual Machine VM up to and including build 5.0.3805 allows remote attackers to cause a denial of service crash in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."...
CVE-2002-0866
Java Database Connectivity JDBC classes in Microsoft Virtual Machine VM up to and including 5.0.3805 allow remote attackers to load and execute DLLs dynamic link libraries via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string,...
CVE-2002-0865
A certain class that supports XML Extensible Markup Language in Microsoft Virtual Machine VM 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Suppor...
Microsoft Virtual Machine Multiple JDBC Vulnerabilities
Description Microsoft Virtual Machine contains three vulnerabilities that could allow a remote attacker to execute code on the vulnerable system. Successful exploitation could lead to a complete system compromise. The first vulnerability allows remote execution of DLLs. These would be executed in...