• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Java Virtual Machine URL Parsing Vulnerability

A vulnerability has been discovered in Microsoft's JVM that may allow an attacker to construct a malicious URL that would load a Java applet from an attacker's site but misrepresent it as belonging to another, trusted, site. The vulnerability is due to a flaw in the Virtual Machine's URL parser. An attacker can exploit this vulnerability to intercept any traffic that the user would send to the trusted site. This information may be used by an attacker to launch further attacks against a vulnerable system.

This vulnerability was originally described in BID 6365. It is now being assigned its own BugTraq ID.