Results 1 to 6 of 6

Thread: Today Critical Bugs

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001

    Today Critical Bugs

    - ----------------------------------------------------------------------
    Title: Java Applet Can Redirect Browser Traffic
    Date: 04 March 2002
    Software: Microsoft Virtual Machine
    Impact: Information Disclosure
    Max Risk: Critical
    Bulletin: MS02-013

    Microsoft encourages customers to review the Security Bulletin at:
    - ----------------------------------------------------------------------

    The Microsoft VM is a virtual machine for the Win32 operating
    environment. It runs atop Microsoft Windows 95, Microsoft
    Windows 98, ME, Windows NT 4.0 , Windows 2000 and Windows XP.
    It ships as part of Windows 98, ME, and Windows 2000 and also as
    part of Internet Explorer 5.5 and earlier.

    The version of the Microsoft VM that ships with Internet Explorer
    version 4.x and 5.x contains a flaw affecting how Java requests
    for proxy resources are handled. A malicious Java applet could
    exploit this flaw to re-direct web traffic once it has left
    the proxy server to a destination of the attacker's choice.

    An attacker could use this flaw to send a user's Internet session
    to a system of his own control, without the user being aware of
    this. The attacker could then forward the information on to the
    intended destination, giving the appearance that the session was
    behaving normally. The attacker could then send his own malicious
    response, making it seem to come from the intended destination,
    or could discard the session information, creating the impression
    of a denial of service. Additionally, the attacker could capture
    and save the user's session information. This could enable him
    to execute a replay attack or to search for sensitive information
    such as user names or passwords.

    A system is only vulnerable if IE is used in conjunction with a
    proxy server. Users whose browsers are not behind a proxy server
    are not vulnerable to this vulnerability. However, those users
    would be vulnerable if they changed their browser to use a proxy
    server at a later date.

    Mitigating Factors:
    - The vulnerability only affects configurations that utilize a
    proxy server. Customers who are not using a proxy server are
    not at risk from this vulnerability.

    - Best practices strongly recommend using SSL to encrypt sensitive
    information such as user names, passwords and credit card numbers.
    If this has been done, sensitive information will be protected
    from examination and disclosure by an attacker exploiting this

    Risk Rating:
    - Internet systems: Moderate
    - Intranet systems: Moderate
    - Client systems: Critical

    Patch Availability:
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    for information on obtaining this patch.

    - Harmen van der Wal (http://www.xs4all.nl/~harmwal/)

    - ---------------------------------------------------------------------
    -Simon \"SDK\"

  2. #2
    Thanks my web server system needed that patch

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Crapo. It seem like yesterday that I upgraded the M$ VM to build 3802. Today, any VM with a build of 3805 or less must upgrade. Grrrrrrrrrrrrrrrrrrr.

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Not using proxy server though. good post.

  5. #5
    The Lizard King SarinMage's Avatar
    Join Date
    Jan 2002
    niceness of postness

  6. #6
    Join Date
    Aug 2001
    Interesting man in the middle type attack... real nasty. Thanks for the info. Good post.
    A squirrel with no nuts will soon starve.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts