Internet Explorer 3.0, 4.0 and Java

Reported September 12, 1997

Systems Affected

Systems Running Either Internet Explorer 3.0 or 4.0 on Windows 95, Windows 3.1, Windows NT 3.51, and 4.0

According to Microsoft, the problem does not affect the JVM on the Mac for Internet Explorer 3.0, or the Platform Preview 1 of Internet Explorer 4.0 for the Mac when default Java security settings are used.

The Problem

A malicious Web site could download graphics or use the Java redirect to run an applet that loads Java classes (software that helps Java run) onto a user"s computer from another Web site such as an intranet. This violates one of the Java sandbox restrictions to the extent that it allows classes to be loaded from any host (Web server). However, the other sandbox restrictions will still be enforced. For example, the classes will not be allowed to read from or write to the user"s hard drive.

Stopping the Problem:

Load a new version of Internet Explorer, which updates the Java VM.

IE 3.01 40-bit
IE 3.01 128-bit
IE 4.0

Microsoft"s Response:

The folks in Redmond say to load a new copy of the browser.

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by ???
Posted here at NTSecurity.Net September 14, 1997