-----BEGIN PGP SIGNED MESSAGE-----
Title: Flaw in Microsoft VM Could Enable System Compromise (816093) Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical Bulletin: MS03-011
Microsoft encourages customers to review the Security Bulletins at:
The Microsoft VM is a virtual machine for the Win32(r) operating environment. The Microsoft VM is shipped in most versions of Windows, as well as in most versions of Internet Explorer.
The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.
A patch is available to fix this vulnerability. Please read the Security Bulletins at
for information on obtaining this patch.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE----- Version: PGP 7.1
iQEVAwUBPpRYWI0ZSRQxA/UrAQEXiwgAgvUzIpThMuGXB4RjSMCXVHV2wI7dT6/n aWTNS9BBwypERdcr8L4N3oCpgyWb4DPNCCPTMjHWZ4jIEn5pTs6W8MoPT3a3RGSX SYkdqj5eOR0/0gh7ZeZZS4UU3hFvi4we2M7opxsTtTjFhOU/GhxESQZlRVyLyu5a OCvj7eiY4zor9lgVp8uqKpu2WLX3Ymy6+kHRfAMzuW9sS2f6AfsFIs/NBH5K0Bhi kENM2cAYXwGtvNf6TyYbCG5fAWD2vAOMqOf5vTQCfQrezUm0dwMEvQc6G6VYB9Uw gtfp7iaDRAe9TdsjqBaiTZnxelH4VOT0NPwXn4cocnEut+540WM7dw== =I/mL -----END PGP SIGNATURE-----
You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service. For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.
To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via email as described below: Reply to this message with the word UNSUBSCRIBE in the Subject line.
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.