Microsoft Knowledge Base Article - Q329077
 

MS02-052: Flaw in Microsoft VM JDBC Classes Might Permit Code to Be Run

The information in this article applies to:
  • Microsoft virtual machine, when used with:
      the operating system: Microsoft Windows XP
      the operating system: Microsoft Windows Millennium Edition
      the operating system: Microsoft Windows 2000
      the operating system: Microsoft Windows NT 4.0
      the operating system: Microsoft Windows 98 Second Edition
      the operating system: Microsoft Windows 98

SYMPTOMS

The Microsoft virtual machine (VM) is a virtual machine for 32-bit versions of Microsoft Windows. The Microsoft VM was included as part of most versions of Windows, and as part of most versions of Microsoft Internet Explorer. The Microsoft VM was also available for some time as a separate download. A new patch for the Microsoft VM is available. This patch corrects three security vulnerabilities. The attack vectors for all the vulnerabilities are likely to be the same. To exploit these vulnerabilities, an attacker might create a Web page, and then host the Web page on a server or send the page as an e-mail message.

The first vulnerability involves the Java Database Connectivity (JDBC) classes, which provide features that permit Java programs to connect to and use data from a wide variety of data sources. These sources range from flat files to Microsoft SQL Server databases. The vulnerability occurs because of a flaw in the way in which the classes vet a request to load and run a dynamic-link library (DLL) on a user's computer. Although the classes perform checks that are designed to make sure that only authorized programs can make such requests, these checks can be "spoofed" by deliberately malforming the request in a particular way. This might permit an attacker to load and run any DLL on a user's computer.

The second vulnerability also involves the JDBC classes, and occurs because certain functions in the classes do not correctly validate handles that are provided as input. One straightforward use of this flaw involves supplying data that is not valid instead of an actual handle when calling such a function. Microsoft has confirmed that this scenario can cause Internet Explorer to stop working. The flaw might also permit an attacker to provide data that causes code to be run in the security context of the user.

The third vulnerability involves a class that provides support for using XML by Java programs. This class exposes a number of methods. Some of these methods are suitable for use by any program, but others are suitable only for use by trusted programs. However, the class does not differentiate correctly between these cases, and instead makes all the methods available to all programs. The functions that can be misused through this vulnerability include functions that might permit a program to take virtually any action on a user's computer.

RESOLUTION

To resolve this problem, install the "Q329077: Security Update" package from the Critical Updates section of the Microsoft Windows Update Web site. This update upgrades your Microsoft VM with the 5.00.3807 patch. This update is available only if you have an affected version of the Microsoft VM installed. All builds of the Microsoft VM up to and including build 5.00.3805 are affected.

You can install this patch to the Microsoft VM on computers that are already running version 5.00.3805 of the Microsoft VM. For additional information about how to obtain version 5.00.3805, click the article number below to view the article in the Microsoft Knowledge Base:
    Q300845 MS02-013: Java Applet Can Redirect Browser Traffic
This update makes the following changes to the registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}

    ="Security Update for the Microsoft VM"
    "ComponentID"="JAVAVM"
    "IsInstalled"=hex:01,00,00,00
    "KeyFileName"="C:\\WINDOWS\\System32\\msjava.dll"
    "Version"="5,00,3807,0"
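
A check for the registry marker listed above, as an added example that is not part of the original article or any Microsoft tool: it parses a regedit-style text export and classifies the recorded build against the affected range stated in this article. The export format, the embedded sample (constructed) and the function names are assumptions.

```python
import re

# GUID and build numbers come from this article; everything else is illustrative.
COMPONENT_GUID = "{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}"
LAST_AFFECTED = (5, 0, 3805)  # builds up to and including 5.00.3805 are affected

# Constructed sample in regedit export form (assumed input format).
SAMPLE_PATCHED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}]
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"Version"="5,00,3807,0"
"""

def parse_component_values(text):
    """Collect "name"=value pairs found under the update's component key."""
    values, in_key = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_key = COMPONENT_GUID.lower() in line.lower()
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if in_key and m:
            values[m.group(1)] = m.group(2).strip('"')
    return values

def vm_update_status(text):
    """Return 'patched', 'affected' or 'unknown' for one exported registry file."""
    values = parse_component_values(text)
    parts = re.split(r"[,.]", values.get("Version", ""))
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return "unknown"  # marker missing or unparsable: verify the VM build another way
    build = tuple(int(p) for p in parts[:3])
    if build <= LAST_AFFECTED:
        return "affected"
    # Accept the hex form shown in the article and the DWORD form regedit may export.
    installed = values.get("IsInstalled", "").lower() in ("hex:01,00,00,00", "dword:00000001")
    return "patched" if installed else "unknown"

if __name__ == "__main__":
    print(vm_update_status(SAMPLE_PATCHED))
```

An "unknown" result means only that the update's marker was not found or could not be read; it does not establish which Microsoft VM build is installed.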

STATUS

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft VM.

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site: