Microsoft late Wednesday issued a "critical"
security alert for a series of Java Virtual Machine bugs, one of which could
allow a hacker to steal information or reformat the hard drives of compromised
The alert, which relates to Microsoft's version of the JVM, comes a week
after Sun Microsystems asked
a federal judge to issue an injunction compelling the software titan to carry
Sun's version of the JVM in the Windows XP operating system.
of the JVM is based on 5-year-old Sun technology.
Microsoft gave the series of JVM glitches its highest alert rating because of
the extensive amount of damage a hacker could do if a computer is compromised.
The Redmond, Wash.-based company identified eight vulnerabilities in all, rating
one "critical," two as "important," two "moderate"
and three "low."
The most serious of the security holes "could enable an attacker’s
Java applet to gain control over another user’s system," according to the
"This would enable the attacker to take any desired action on the
user’s system; for instance, the attacker could add, delete or change data on
the user’s system; communicate with Web sites; load and run programs; reformat
the hard drive, and so forth."
The exploit is possible because of a flaw in the way Microsoft's JVM handles
software written to Microsoft’s Component Object Model (COM).
the Microsoft (JVM) has security checks to prevent Java applets from invoking
COM objects, there is a method of invoking them that bypasses the checks,"
according to the security bulletin.
A hacker could use a Web site or HTML-based e-mail to begin the attack.
Article continues at
By Joe Wilcox
Staff Writer, CNET News.com