VULHUB ™

In certain versions of Microsoft Internet Explorer with various java implementations for MacOS, it is possible to open a data connection from a target host through a java applet violating the IE security model. To exploit this, an attacker would first have to make a website with the malicious java applet on it. The vulnerable user would have to visit that site and execute the java applet. The java applet could then open a connection to an arbitrary host. It was intially thought that this was a problem with the getImage() method but it is now thought that URLConnection is the problem (it is called by getImage()).

In certain versions of Microsoft Internet Explorer with various java implementations for MacOS, it is possible to open a data connection from a target host through a java applet violating the IE security model. To exploit this, an attacker would first have to make a website with the malicious java applet on it. The vulnerable user would have to visit that site and execute the java applet. The java applet could then open a connection to an arbitrary host. It was intially thought that this was a problem with the getImage() method but it is now thought that URLConnection is the problem (it is called by getImage()).