INFO: Known Issues with Microsoft Win32 Virtual Machine for Java

Last reviewed: January 29, 1998
Article ID: Q169805
The information in this article applies to:
  • Microsoft Win32 Virtual Machine for Java

SUMMARY

A number of known issues in Java support for Internet Explorer have now been corrected in the Internet Explorer 3.02 release. Please download this upgrade if you are experiencing any problems with Java support in Internet Explorer 3.0. To address the issues discussed below, ensure you have the latest build of the Microsoft Win32 Virtual Machine for Java. For more information about obtaining the latest build, see the References section of this article.

  • Java Mischief Security Issue Identified

    This security issue specifically affects the JVM and not the browser. Microsoft's current understanding of the problem is that when a user visits a malicious Web site, the site could download an image from another Web site such as an intranet that the user has permission to access without the user' knowledge or permission. The security problem could also be used to download an image file from the malicious site to the user's computer memory storage.

    The problem will be fixed in the final versions of the JVM that ships with Internet Explorer 4.0, and we plan to provide a fix for Internet Explorer 3.02 on Windows 95/NT 4.0 and Internet Explorer 3.02a on Windows 3.1/NT 3.51 as soon as possible. The fix will be available as an update to the JVM.

    For more information see the "New Java Mischief Security Problem" link on this page: http://www.microsoft.com/ie/security/.

  • Java Applets hang Internet Explorer 3.02 after installing Windows NT version 4.0 Service Pack 3.

    Internet Explorer version 3.02 may hang when you are navigating to a page that contains a Java applet after installing Windows NT version 4.0 Service Pack 3. The hang only occurs if the Display Properties Color Palette is set to True Color. For more detailed information, please see the following article in the Microsoft Knowledge Base:

          ARTICLE-ID: Q168748
    
          TITLE     : Java Applets Cause IE 3.02 to Stop Responding w/ SP3
    
    
  • University of Washington bytecode verifier issue.

    Microsoft announced the immediate availability of an updated version of the Microsoft Virtual Machine for Java. Researchers at the University of Washington recently notified Microsoft and other vendors of a set of anomalies in Java Virtual Machines. These anomalies could potentially result in a security exposure for customers using Java applets, causing a system crash or lose data.

    The researchers with the Kimera Project in the Department of Computer Science and Engineering at the University of Washington have an automatic validation technology that allows them to quickly identify potential bugs in commercial Java implementations. The anomalies are in the bytecode "verifier", which enforces the security of the Java sandbox. There have been no known attacks that exploit these anomalies, but they could potentially be exploited by a malicious application to get access outside the sandbox. For more information on the University of Washington's Kimera Project, visit http://www.washington.edu/newsroom/news/k051997.html

  • Potential unauthorized access to networked services.

    An independent third party* has discovered a potential security issue with the current Microsoft Virtual Machine for Java. The problem may be exposed when an applet exploits both a bug in a Java security class file and a certain configuration of the Internet Explorer 3.0 cache to allow the applet access to network facilities on the client machine. This attack has to be intentional, and is not guaranteed to be successful in gaining access to the network services.

    This problem only affects users who use the same machine to run network services, such as a mail server, and execute applets from unknown sources on the Internet. This will not affect users who run mail clients or network client applications only. Microsoft encourages users to be careful when accessing executable code of any form over the Internet, and advises caution when running network services on a machine that is used to browse applets from untrusted sources.

    * Microsoft thanks A.L. Digital Ltd, Ben Laurie, and Major Malfunction for reporting this problem.

  • When not connected to an Internet Service Provider, applets hang during initialization.
  • Using Visual Basic to instantiate a Java object with CreateObject() fails with the following message: "Runtime Error '430': Class doesn't support OLE Automation."
  • Problems using breakpoints with Visual J++ Debugger when debugging Java classes.

    When debugging a Java class with breakpoints or single stepping, the symbols for java.lang.NoSuchFieldError and java.lang.LinkageError are loaded, followed by a first chance exception error. Then, the debugger loads the source code for Throwable.java. This occurs because the Virtual Machine throws a NoSuchFieldError exception when it fails to find a hash value for a field by name and type.

REFERENCES

For additional information on the current release of the Virtual Machine, please refer to the following Knowledge Base article:

   ARTICLE-ID: Q163637
   TITLE     : INFO: Availability of Current Build of Microsoft VM for Java

For the latest Knowledge Base articles and other support information on Visual J++ and the SDK for Java, see the following page on the Microsoft Technical Support site:

   http://support.microsoft.com/support/visualj/
   http://support.microsoft.com/support/java/

Keywords          : kbother kbprg kbusage JCOM JVM VJGenIss VJMisc
Technology        : kbInetDev
Platform          : WINDOWS
Issue type        : kbinfo


================================================================================


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: January 29, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.