Microsoft JVM Package Access Restriction Bypassing Vulnerability

Microsoft's Java Virtual Machine (JVM) contains a class named com.ms.security.StandardSecurityManager. This class contains static fields that hold the package access restrictions. These fields can be altered or emptied, allowing any applet to bypass the restrictions.

These restrictions are not implemented by default.

This vulnerability was originally reported in BID 5670. As technical details have emerged, a database record with a unique BID for this issue has been created.


 

Copyright 2010, SecurityFocus