MS Security Bulletin MS02-13

javacool · #1 March 4th, 2002, 09:45 PM

Java Applet Can Redirect Browser Traffic

http://www.microsoft.com/technet/sec...013.asp.<br />

javacool · #2 March 4th, 2002, 09:47 PM

Quote:

Microsoft Security Bulletin MS02-013

Java Applet Can Redirect Browser Traffic
Originally posted: March 04, 2002

Summary
Who should read this bulletin: Customers using Microsoft® Internet Explorer® in a configuration where a proxy server is interposed between the browser and the Internet.

Impact of vulnerability: Information Disclosure

Maximum Severity Rating: Critical

Recommendation: Customers using IE in a proxy server configuration as indicated above should immediately apply the patch.

Affected Software: Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. The following builds of the Microsoft VM are affected:

All builds of the Microsoft VM up to and including build 3802.

javacool · #3 March 4th, 2002, 09:47 PM

Patch availability
Download locations for this patch
Upgrade to Microsoft VM build 3805 or later at http://www.microsoft.com/java/vm/dl_vm40.htm

UNICRON · #4 March 4th, 2002, 11:21 PM

no win2k patch?

#5 March 4th, 2002, 11:44 PM

As I read it on the download page:
A Windows 2000 hotfix including Microsoft VM build 3805 will be available soon.

Checkout · #6 March 5th, 2002, 07:53 AM

Quote:

As I read it on the download page:
A Windows 2000 hotfix including Microsoft VM build 3805 will be available soon.

I'm dreading All Fools' Day! *How on Earth will we be able to tell the real M$ bug reports from the fakes? *

Paul Wilders · #7 March 5th, 2002, 04:33 PM

Quote:

no win2k patch?

Available in the meanwhile (XP as well) using one and the same link:

www.microsoft.com/java/vm/dl_vm40.htm

regards.

paul

wizard · #8 March 5th, 2002, 05:31 PM

Another alternativ to be protected from this security hole is to use the original Java Runtime Engine from Sun. It's free and can be downloaded from

http://java.sun.com/j2se/1.3/jre/download-windows.html#software

wizard

javacool · #9 March 5th, 2002, 06:58 PM

More links on this vulnerability:

http://www.theregister.co.uk/content/55/24295.html

http://www.xs4all.nl/~harmwal/issue/wal-01.txt

http://home.netscape.com/security/

Paul Wilders · #10 March 6th, 2002, 01:22 AM

The advice from wizard is IMHO a very solid one:

Quote:

Another alternativ to be protected from this security hole is to use the original Java Runtime Engine from Sun.

There's a new version available as well: v1.4:

http://java.sun.com/j2se/1.4/download.html

regards.

paul

spy1 · #11 March 6th, 2002, 11:05 AM

Exactly (step-by-step) how would one go about changing from VM to Sun? What do you do? Pete

#12 March 6th, 2002, 03:01 PM

Quote:

Exactly (step-by-step) how would one go about changing from VM to Sun? What do you do? Pete

Good question, Pete!

Quote from this site:
http://www.microsoft.com/java/vm/dl_vm40.htm

Quote:

WARNING: Please note that once you have installed the updated Microsoft VM it cannot be uninstalled.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search