Microsoft JVM INativeServices Unauthorized Memory Access Vulnerability
A vulnerability has been reported in the Microsoft JVM INativeServices methods that may lead to unauthorized access to memory on a client system.
INativeServices methods accept memory addresses as parameters. Due to insufficient checking of these values, it may be possible to pass invalid memory addresses and cause a denial of service. Additionally, the pGetFontEnumeratedFamily() methods may also be invoked to read memory via vulnerable INativeServices methods. This may lead to disclosure of various types of sensitive information such as websites visited, cookies, and filesystem information such as the location of the cache directory.
It is possible for a Java applet to access INativeServices methods directly or indirectly through various other methods.
Exploitation of this vulnerability may facilitate other attacks, potentially leading to further information disclosure or execution of malicious code.