Karsten Sohr at the University of Marburg has discovered another serious security flaw in Microsoft's Java Virtual Machine. A bug in Microsoft's bytecode verifier allows the construction of code sequences that illegally cast values of one Java type to values of another unrelated type, in violation of Java's typing rules, without detection by Microsoft's verifier. An attack applet can exploit this flaw to breach the JVM's security, and can then proceed to do anything it wants to do on the victim's computer. For example, an attack applet might exploit this flaw to read private data, modify or delete files, or eavesdrop on the user's activities.

Dirk Balfanz and Ed Felten, at Princeton University, have constructed a demonstration applet that exploits this flaw to delete a file.

All recent versions of Microsoft's JVM for Windows appear to be vulnerable, so users of recent versions of Internet Explorer are affected by this flaw. A malicious applet could also be embedded in an e-mail message read using Microsoft Outlook or Eudora. Users of other JVMs, browsers, and email readers are generally not affected.

Reliable Software Technologies was involved in testing on various platforms.

Links

The Princeton Secure Internet Programming team's news release
http://www.cs.princeton.edu/sip/history/

The Reliable Software Technologies news release
http://www.rstcorp.com

Our book "Securing Java" on the Web gives a detailed treatment of Java security issues
http://www.securingjava.com

gem

Gary McGraw, Ph.D gemat_private
Vice President, Corporate Technology
Reliable Software Technologies
Dulles, VA
<http://www.rstcorp.com/~gem> <http://www.securingjava.com>