| VID |
28037 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows system has an old version of the Microsoft VM machine installed.
The Microsoft VM is a virtual machine for the Win32 operating environment. The Microsoft VM is shipped in most versions of Windows, as well as in most versions of Internet Explorer.
Microsoft VM version 5.0.3809 and prior have a security vulnerability due to a bug in its bytecode verifier component of the Microsoft VM, which may allow a remote attacker to execute certain malicious code by which a Java applet is loaded. The attack vector for this security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
* Platforms Affected :
Microsoft Windows Any version |
| Recommendation |
Install the 816093 Microsoft VM Security Update package. This update upgrades the Microsoft VM to version 5.00.3810. To download the patch to update existing Microsoft VMs, visit the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch.
For Windows 2000 Service Packs 2 & 3 only, the patch is also available at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816093 |
| Related URL |
CVE-2010-2569,CVE-2010-2570,CVE-2010-2571,CVE-2010-3954,CVE-2010-3955 (CVE) |
| Related URL |
45277,45279,45280,45281,45282 (SecurityFocus) |
| Related URL |
(ISS) |
|
