Microsoft VM and ActiveX Bug in IE


Microsoft VM builds prior to build 3318 allow access to ActiveX controls that
should not be available (discovered in Oct 2000). See Q275609 and MS00-075 for background on the vulnerability. There are
upgraded versions of the VM for all OS versions supporting IE.

No big deal but there is a new trojan that does significant damage to the
Windows registry IF you have windows scripting host (which W2K does and NT if
you installed it):

Trojan horse breaks Windows PCs

McAfee

Synamtec

To see if you are vulnerable and need to upgrade your VM in IE:



  • Click Start
  • Click Run
  • Type cmd and hit the enter key
  • At the command prompt, type jview and hit the enter
    key

The version information will be at the right of the topmost line. It will
have a format like “5.00.xxxx”, where the “xxxx” is the build number. When I run
this on my W2K commandline running IE6, I see:

Microsoft (R) Command-line Loader for Java Version 5.00.3802

Thus my build number is 3802. OK, now I know the build number. How do I tell
if I’m affected? Any build 2000-2441 is vulnerable as well as obsolete where as
any builds 3000-3187 are vulnerable. If your VM is vulnerable, download a non-vulnerable
VM

Leave a Comment

Your email address will not be published.

Scroll to Top