[12244] in bugtraq
Another Microsoft Java Flaw Discovered
daemon@ATHENA.MIT.EDU (Gary McGraw)
Thu Oct 14 17:16:08 1999
Message-Id: <3805E4CC.76D5992B@rstcorp.com>
Date: Thu, 14 Oct 1999 10:12:28 -0400
Reply-To: Gary McGraw <gem@RSTCORP.COM>
From: Gary McGraw <gem@RSTCORP.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Karsten Sohr at the University of Marburg has discovered another serious
security flaw in Microsoft's Java Virtual Machine. A bug in Microsoft's
bytecode verifier allows the construction of code sequences that
illegally cast values of one Java type to values of another unrelated
type, in violation of Java's typing rules, without detection by
Microsoft's verifier. An attack applet can exploit this flaw to breach
the JVM's security, and can then proceed to do anything it wants to do
on the victim's computer. For example, an attack applet might exploit
this flaw to read private data, modify or delete files, or eavesdrop on
the user's activities.

Dirk Balfanz and Ed Felten, at Princeton University, have constructed a
demonstration applet that exploits this flaw to delete a file.

All recent versions of Microsoft's JVM for Windows appear to be
vulnerable, so users of recent versions of Internet Explorer are
affected by this flaw. A malicious applet could also be embedded in an
e-mail message read using Microsoft Outlook or Eudora. Users of other
JVMs, browsers, and email readers are generally not affected. Reliable
Software Technologies was involved in testing on various platforms.

Links

The Princeton Secure Internet Programming team's news release
http://www.cs.princeton.edu/sip/history/

The Reliable Software Technologies news release
http://www.rstcorp.com

Our book "Securing Java" on the Web gives a detailed treatment of Java
security issues
http://www.securingjava.com

gem
Gary McGraw, Ph.D gem@rstcorp.com
Vice President, Corporate Technology
Reliable Software Technologies
Dulles, VA
<http://www.rstcorp.com/~gem>
<http://www.securingjava.com>