VULHUB ™

A vulnerability has been reported in Microsoft JVM that may lead to a denial of service in Microsoft Internet Explorer. A flaw has been uncovered that allows applets to invoke methods of proprietary Microsoft interfaces, resulting in undefined behaviour. This includes crashes due to invalid memory accesses. This is possible because references to HTML objects in MSIE can be passed to an applet by Javascript. The applet may then invoke methods of the object class that it should not be able to access. This may cause the browser to crash. The possibility of code execution has not been ruled out.

A vulnerability has been reported in Microsoft JVM that may lead to a denial of service in Microsoft Internet Explorer. A flaw has been uncovered that allows applets to invoke methods of proprietary Microsoft interfaces, resulting in undefined behaviour. This includes crashes due to invalid memory accesses. This is possible because references to HTML objects in MSIE can be passed to an applet by Javascript. The applet may then invoke methods of the object class that it should not be able to access. This may cause the browser to crash. The possibility of code execution has not been ruled out.