Reported October 12, 2000 by Microsoft

VERSIONS AFFECTED
  • Microsoft Virtual Machine ActiveX Component

DESCRIPTION

Virtual Machine ActiveX Component can be Exploited

DEMONSTRATION

No demonstration is available.  But, a malicious user could exploit this vulnerability to take any desired action on users PCs if they visit the malicious web site.

VENDOR RESPONSE

Microsoft has released a security advisory, MS00-075 and multiple patches are available depending on the build number.

2000-series Microsoft VM customers will be provided with an update

soon.

3100-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

3200-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

3300-series Microsoft VM customers upgrade to build 3318 or later

from:  http://www.microsoft.com/java/vm/dl_vm40.htm

CREDIT
Discovered by
Microsoft