Title: Microsoft Internet Explorer for Macintosh java.net.URLConnection Vulnerability
Severity: MODERATE
Description:
In certain versions of Microsoft Internet Explorer with various java implementations for MacOS, it is possible to open a data connection from a target host through a java applet violating the IE security model. To exploit this, an attacker would first have to make a website with the malicious java applet on it. The vulnerable user would have to visit that site and execute the java applet. The java applet could then open a connection to an arbitrary host. It was intially thought that this was a problem with the getImage() method but it is now thought that URLConnection is the problem (it is called by getImage()).
Affected Products:
- Microsoft Internet Explorer Macintosh Edition 4.5.0Microsoft VM
- Microsoft Internet Explorer Macintosh Edition 5.0.0MRJ 2.1.4
- Microsoft Internet Explorer Macintosh Edition 5.0.0MRJ 2.2
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
