MS99-045: Bypassing Java Sandbox with Program Results in VM Security Vulnerability

Article translations Article translations
Article ID: 244283 - View products that this article applies to.
This article was previously published under Q244283
The Microsoft virtual machine (Microsoft VM) update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages:
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


When you manually construct a Java program by using a Java bytecodes assembler to operate outside the bounds that are set by the sandbox (the security scheme for Java programs), it may be possible for the program to exploit a security vulnerability in the Microsoft virtual machine (Microsoft VM).

If the program is hosted on a Web site, it may be possible to run a program or perform certain tasks on the computer of a visiting user that the user does not authorize. This may include the following tasks:
  • Create a file.
  • Delete a file.
  • Modify a file.
  • Send data to a Web site.
  • Receive data from a Web site.
  • Reformat the hard disk.


Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft virtual machine.


For more information about this vulnerability, refer to the following Microsoft Web sites:
For additional information about the Microsoft virtual machine, click the article number below to view the article in the Microsoft Knowledge Base:
169803 INFO: Historical List of Shipping Vehicles for Microsoft VM
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:


Article ID: 244283 - Last Review: January 10, 2015 - Revision: 7.0
  • Microsoft Java Virtual Machine, when used with:
    • the operating system: Microsoft Windows XP
    • Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 2000
    • Microsoft Windows NT 4.0
    • Microsoft Windows 98 Second Edition
    • Microsoft Windows 98 Standard Edition
    • Microsoft Windows 95
kbnosurvey kbarchive kbbug kbfix kbsecurity kbsecvulnerability KB244283

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from