Bugtraq mailing list archives

Another Microsoft Java Flaw Discovered


From: gem () RSTCORP COM (Gary McGraw)
Date: Thu, 14 Oct 1999 10:12:28 -0400


Karsten Sohr at the University of Marburg has discovered another serious
security flaw in Microsoft's Java Virtual Machine.  A bug in Microsoft's
bytecode verifier allows the construction of code sequences that
illegally cast values of one Java type to values of another unrelated
type, in violation of Java's typing rules, without detection by
Microsoft's verifier. An attack applet can exploit this flaw to breach
the JVM's security, and can then proceed to do anything it wants to do
on the victim's computer. For example, an attack applet might exploit
this flaw to read private data, modify or delete files, or eavesdrop on
the user's activities.

Dirk Balfanz and Ed Felten, at Princeton University, have constructed a
demonstration applet that exploits this flaw to delete a file.

All recent versions of Microsoft's JVM for Windows appear to be
vulnerable, so users of recent versions of Internet Explorer are
affected by this flaw.  A malicious applet could also be embedded in an
e-mail message read using Microsoft Outlook or Eudora.  Users of other
JVMs, browsers, and email readers are generally not affected. Reliable
Software Technologies was involved in testing on various platforms.

Links

The Princeton Secure Internet Programming team's news release
http://www.cs.princeton.edu/sip/history/

The Reliable Software Technologies news release
http://www.rstcorp.com

Our book "Securing Java" on the Web gives a detailed treatment of Java
security issues
http://www.securingjava.com

gem

Gary McGraw, Ph.D    gem () rstcorp com
Vice President, Corporate Technology
Reliable Software Technologies
Dulles, VA
<http://www.rstcorp.com/~gem>
<http://www.securingjava.com>

