{"vuid":"VU#447569","idnumber":"447569","name":"Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code","keywords":["Microsoft","Windows","Virtual Machine","VM","ByteCode Verifier","Java applet","MS03-011","Q816093"],"overview":"The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet.","clean_desc":"The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder could run arbitrary code on the victim's machine. For more information, please see Microsoft Security Bulletin MS03-011.","impact":"After convincing a victim to download and run a malicious Java applet, an intruder could run arbitrary code with the privileges of the victim.","resolution":"Apply a patch as described in Microsoft Security Bulletin MS03-011.","workarounds":"In addition to applying the patch, we strongly recommend the security updates to Microsoft Outlook as described in http://office.microsoft.com/Downloads/2000/Out2ksec.aspx.","sysaffected":"","thanks":"Thanks to Microsoft for reporting and correcting this vulnerability.","author":"This document was written by Shawn V Hernan based on information provided by Microsoft in Microsoft Security Bulletin MS03-011.","public":["http://www.microsoft.com/technet/security/bulletin/MS03-011.asp","http://www.microsoft.com/security/security_bulletins/ms03-011.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-045.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-031.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-031.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-011.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-081.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-013.asp","http://office.microsoft.com/Downloads/2000/Out2ksec.aspx"],"cveids":["CVE-2003-0111"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-04-09T20:08:00Z","publicdate":"2003-04-09T00:00:00Z","datefirstpublished":"2003-04-10T17:01:19Z","dateupdated":"2003-04-10T17:01:19Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"2","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.25","cam_scorecurrentwidelyknown":"2.8125","cam_scorecurrentwidelyknownexploited":"5.0625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.25,"vulnote":null}