Signature Detail

TROJAN: Byte-Verify in Webpage

This signature detects the Trojan Byte-Verify within an HTML document loaded from a web page. An attacker could exploit the vulnerability in the ByteCode verifier component of Microsoft Virtual Machine to execute arbitrary code with the privileges of the current user.

Extended Description

The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be possible to escape the security constraints placed on the applet by the JVM. Code execution with the privileges of the victim user may be possible.

Affected Products

• Microsoft Virtual Machine 3802 Series
• Microsoft Virtual Machine 3805 Series
• Microsoft Virtual Machine 3809 Series
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Terminal Services SP1
• Microsoft Windows 2000 Terminal Services SP2
• Microsoft Windows 2000 Terminal Services SP3
• Microsoft Windows 2000 Terminal Services

References

• BugTraq: 6221
• CVE: CVE-2003-0111
• URL: http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
• URL: http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx