Java Applets Can Crash Windows NT
Reported July 20, 1998 by Tonny Espeset

VERSIONS AFFECTED

  • Netscape Navigator 2.0, 3.0, 4.0
  • Internet Explorer 3.x and 4.x
  • Windows NT 4.0

DESCRIPTION

A malicious Java applet (KillerApp) can crash the operating system. With the Java Virtual Machine (JVM) on Windows NT, it seems that it"s possible to trash system memory by calling certain methods with arguments that are out of bounds.

An NTSD reader, reports further on the matter:

Date: Mon, 20 Jul 1998 19:05:05 -0400 (EDT)
From:
To: security@NTSHOP.NET
cc: NTSD@LISTSERV.NTSECURITY.NET
Subject: Re: \[ SECURITY ALERT \] Crashing NT with Java

"Did a stack trace, this appears to be a bug in WIN32K.SYS, more specifically in a line drawing routine."

DEMONSTRATION

WARNING: Clicking THIS LINK to a demo of the KillerApp may cause your machine to crash -- PROCEED WITH CAUTION AND AT YOUR OWN RISK.

This was tested against Windows 95 running Internet Explorer version 4.72.2106.8 by NTSD staff -- the system remained stable and unaffected as far as we can tell.

SOLUTION

Microsoft has been informed. Stay tuned for their response.

To learn more about NT Security concerns, subscribe to NTSD

Credits
- Originally reported by Tonny Espeset

Posted on The NT Shop on July 20, 1998