J-Security Center

Title: Microsoft Java Virtual Machine Class Cast Vulnerability

Severity: HIGH

Description:

The Virtual Machine is a component of various programs and operating systems that handles the execution of Java code. All Microsoft VMs with build numbers between 2000 and 3187 inclusive have been found to contain a weakness whereby a Java applet could take any action on the local machine that the user could take. This is possible because the MS VM allows 'cast', or conversion, operations to be done on classes, which creates the opportunity for a 'public' class to be converted to 'private', thereby increasing the privileges of the code within that class. This action could not be coded in a regular java compiler, but the java binary could be edited spoecifically to cause the cast operation.

Affected Products:

  • Microsoft Internet Explorer 4.0.0
  • Microsoft Internet Explorer 4.0.0 for Windows 95
  • Microsoft Internet Explorer 4.0.0 for Windows NT 3.51
  • Microsoft Internet Explorer 4.0.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows 2000
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Virtual Machine 2000 Series 0.0.0
  • Microsoft Virtual Machine 3000 Series 0.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.