Description
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
Products
- Microsoft IE 4.0 for Windows 98
- Microsoft IE 4.0 for Windows NT
- Microsoft Internet Explorer 4.1 for Windows 95
- Microsoft Internet Explorer 4.1 for Windows NT 4.0
- Microsoft IE 5.0 for Windows 95
- Microsoft IE 5.0 for Windows 98
- Microsoft IE 5 for Windows NT 4.0
- Microsoft Internet Explorer 4.0
- Microsoft Visual Studio 6.0
- Microsoft Visual Studio 6.0 Enterprise
- Microsoft Visual Studio 6.0 any enterprise
- Microsoft Visual Studio 6.0 Service Pack 1
- Microsoft Visual Studio 6.0 Service Pack 2
- Microsoft Visual Studio 6.0 Service Pack 3
- Microsoft Visual Studio 6.0 Service Pack 4
- Microsoft Visual Studio 6.0 Service Pack 5
- Microsoft Visual Studio 6.0 Service Pack 6
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-0162, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0162 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References