• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Java Virtual Machine Standard Security Manager Access Validation Vulnerability

A vulnerability has been discovered in Microsoft's JVM that may allow an attacker to prevent Java applets from being executed in the affected browser session. The vulnerability occurs because the Virtual Machine's Standard Security Manager does not perform sufficient access validation checks. This allows any Java applet to write to the Security Manager, when only the Virtual Machine itself should be able to write to it. Exploitation of this vulnerability will only affect the current browser session and not other current sessions or subsequent sessions.

This vulnerability was originally described in BID 6365. It is now being assigned its own BugTraq ID.