Microsoft VM StandardSecurityManager class restriction bypass

msvm-ssm-restriction-bypass (10585). The risk level is classified as Medium Risk.

Description:

A vulnerability in the com.ms.security.StandardSecurityManager (SSM) class in Microsoft VM could allow a remote attacker to bypass class restrictions. A remote attacker could create a malicious Java applet that modifies the static fields "deniedDefinitionPackages" and "deniedAccessPackages", which would allow the attacker to bypass the restrictions imposed by the StandardSecurityManager class and possibly perform malicious actions on the victim's computer. An attacker could exploit this vulnerability by hosting the malicious Java applet on a Web site or by sending it to a potential victim within an HTML email.


Consequences:

Bypass Security

Remedy:

Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS03-011. See References.

Note: Microsoft originally provided a patch for this vulnerability in MS02-069, but it was superseded by the patch released with MS03-011.

References:

  • BugTraq Mailing List, Fri Nov 08 2002 - 07:00:01 CST: Technical information about unpatched MS Java vulnerabilities.
  • CIAC Information Bulletin N-026: Flaw in Microsoft VM Could Enable System Compromise.
  • Microsoft Security Bulletin MS02-069: Flaw in Microsoft VM Could Enable System Compromise (810030).
  • Microsoft Security Bulletin MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093).
  • BID-6133: Microsoft JVM Package Access Restriction Bypassing Vulnerability
  • BID-6381: Microsoft Java Virtual Machine Standard Security Manager Access Validation Vulnerability
  • CVE-2002-1261: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1292. Reason: This candidate is a reservation duplicate of CVE-2002-1292. Notes: All CVE users should reference CVE-2002-1292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
  • CVE-2002-1292: The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
  • US-CERT VU#237777: Microsoft Virtual Machine allows applets write access to the Standard Security Manager

Platforms Affected:

  • Microsoft Internet Explorer
  • Microsoft Java Virtual Machine 5.0.3805

Reported:

Nov 08, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net