Microsoft Security Bulletin MS00-011
Patch Available for "VM File Reading" Vulnerability
Originally Posted: February 18, 2000
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. In both cases the malicious applet would have to know the exact name and location of the files. Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-011.mspx
Please see the following references for more information related to this issue.
- Frequently Asked Questions: Microsoft Security Bulletin MS00-011, http://www.microsoft.com/technet/security/bulletin/fq00-011.mspx.
- Microsoft Knowledge Base (KB) article 253562, "VM File Reading" Security Vulnerability, http://support.microsoft.com/default.aspx?scid=kb;en-us;253562.
- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.mspx.
Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support.
Microsoft thanks Hideo Nakamura of NEC in Tokyo, Japan for reporting the VM File Reading vulnerability to us and working with us to protect customers.
- February 18, 2000: Bulletin Created.
- V2.0 (March 10, 2003): Introduced versioning and Update made to download location.
- V3.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch Availability.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.