MS03-011: Flaw in the Microsoft VM could enable system compromise

The Microsoft virtual machine Microsoft VM update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages: http://www.microsoft.com/mscorp/java/default.mspxhttp://support.microsoft.com/gp/lifean12Technical UpdateJuly 17, 200...

Flaw in Microsoft VM Could Allow Code Execution (810030)

Hotfix to fix Flaw in Microsoft VM could Allow Code Execution 810030 Impact of vulnerability: Three vulnerabilities, the most serious of which could enable an attacker to gain complete control over a user's system. Maximum Severity Rating: Critical Recommendation: Administrators should install th...

Microsoft VM Multiple Vulnerabilities (MS02-052, MS02-069)

Microsoft Virtual Machine Microsoft VM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2002 SECNAP Network Security, LLC Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2002-1260

The CVE-2002-1260 vulnerability affects Microsoft Virtual Machine (VM) 5.0.3805 and earlier, where the JDBC APIs can be exploited by an untrusted Java applet to bypass security checks and access database contents. This is a remote, network‑vector issue that allows partial confidentiality/integrit...

EUVD-2002-1244

The Java Database Connectivity JDBC APIs in Microsoft Virtual Machine VM 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet...

CVE-2002-0865

CVE-2002-0865 affects Microsoft Virtual Machine (VM) prior to 5.0.3805, where the XML-support class com.ms.osp.ospmrshl exposes unsafe methods that can permit remote code execution via a Java applet. Microsoft’s MS02-052 patch is the documented fix path; other sources (CERT/OpenVAS) identify this...

CVE-2003-0111

The CVE-2003-0111 issue affects the ByteCode Verifier component of Microsoft Virtual Machine (VM) used in Windows/Internet Explorer, specifically build 5.0.3809 and earlier. The underlying flaw is that the VM bytecode verifier fails to properly check certain Java applets, allowing remote attacker...

MS03-011: Flaw in Microsoft VM (816093)

The remote host is running a Microsoft VM machine that has a bug in its bytecode verifier that could allow a remote attacker to execute arbitrary code on this host with the privileges of the user running the VM. To exploit this vulnerability, an attacker would need to send a malformed applet to a...

Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code

Overview The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. Description The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder coul...

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...

MS02-013: Cumulative VM Update (300845)

The Microsoft VM is a virtual machine for the Win32 operating environment. There are numerous security flaws in the remote Microsoft VM that could allow an attacker to execute arbitrary code on this host. To exploit these flaws, an attacker would need to set up a malicious web site with a rogue...

MS02-052: Flaw in Microsoft VM Could Allow Code Execution (810030)

The remote host is running a Microsoft VM machine that has a bug in its bytecode verifier that could allow a remote attacker to execute arbitrary code on this host, with the privileges of the SYSTEM. To exploit this vulnerability, an attacker would need to send a malformed applet to a user on thi...

Microsoft VM 20003000310031883200330038023805 series - JDBC Class Code Execution

Microsoft VM 20003000310031883200330038023805 series - JDBC Class Code Execution source: https://www.securityfocus.com/bid/5751/info Java Database Connectivity JDBC classes are used by the Virtual Machine to provide connectivity to various data sources. It is possible to spoof a JDBC class reques...

Security Bulletin MS02-052: Flaw in Java VM JDBC Classes Could Allow Code Execution (Q329077)

---------------------------------------------------------------------- Title: Flaw in Microsoft VM JDBC Classes Could Allow Code Execution Q329077 Released: 18 September 2002 Software: Versions of the Microsoft virtual machine Microsoft VM Impact: Three vulnerabilities, the most serious of which...

Microsoft VM 2000/3000/3100/3188/3200/3300/3802/3805 series - JDBC Class Code Execution

source: https://www.securityfocus.com/bid/5751/info Java Database Connectivity JDBC classes are used by the Virtual Machine to provide connectivity to various data sources. It is possible to spoof a JDBC class request to make it appear as though it came from an authorized applet. This could allow...

CVE-2002-0076

Java Runtime Environment JRE Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in 1 Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, 2 Netscape 6.2.1 and earlier, and...

Security Bulletin MS02-013 (Version 2.0)

---------------------------------------------------------------------- Title: 04 March 2002 Cumulative VM Update Released: 04 March 2002 Revised: 18 March 2002 version 2.0 Software: Microsoft Virtual Machine Impact: Information Disclosure, run code of an attacker's choice Max Risk: Critical...

CVE-2000-1061

CVE-2000-1061 involves the Microsoft Virtual Machine (VM) in Internet Explorer 4.x–5.x, where an unsigned applet can create and use ActiveX controls. This enables a remote attacker to bypass IE security settings and execute arbitrary commands via a malicious web page or email. The underlying issu...

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

Security Bulletin (MS00-075)

Microsoft Security Bulletin MS00-075 - -------------------------------------- Patch Available for "Microsoft VM ActiveX Component" Vulnerability Originally posted: October 12, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr virtual machin...