September 5, 1997 5:10 PM PDT
IE 4 beta bug risks hard disks
- Related Stories
Netscape can't shake bug bluesAugust 29, 1997
Not your father's browsersAugust 22, 1997
Netscape backtracks on Java flawAugust 12, 1997
IE 4.0 beta is risky businessJuly 22, 1997
Microsoft plugs Windows 95 holeMay 19, 1997
Microsoft security flaws run deepMarch 6, 1997
Discovered by a Massachusetts Institute of Technology alumnus with a bug-catching history, the most recent flaw lets a malicious Webmaster build a Java applet that can erase or corrupt files on a Windows machine. Users must visit the site where the applet lives. Unless the person is running a Java-monitoring program, the applet could be undetectable and launch itself automatically, working behind the scenes to destroy the user's files.
The problem is not due to Java itself but to Microsoft's implementation of Java in its latest beta browser. The bug also affects IE 3.0 but only when that browser is used with the beta version of Microsoft's Java software development kit 2.0. Macintosh users are not affected.
Microsoft knows about the bug and will fix it in the final version of IE 4.0 and in the final version of the Java SDK 2.0, according to product manager Kevin Unangst. IE 4.0 is due September 30; the new Java SDK is due in the same time frame. Meanwhile, the company has posted more information on its IE security Web site.
To corrupt a file, malicious applet writers need to know the exact name and location of the targeted file, but the paths of many Windows system files--autoexec.bat, for example--are easy to guess.
"This would effectively wipe out your hard drive," said Timothy Macinta, a Java consultant who as an MIT undergrad helped uncover an Internet Explorer bug earlier this year. "You could take out someone's system files or take up hard drive space by writing as many files as you can."
The bug only works with a combination of Java and DirectX, Microsoft's set of programming interfaces that help developers build games and other multimedia applications. The Java security model normally prevents applets from writing information on the user's hard drive. But a certain DirectX piece of code, when built into a Java applet, bypasses Microsoft's version of the Java security model. If the applet writer points the code to a specific file, it will add the code to the file and corrupt it.
The bug cannot add viruses to a hard drive nor will it let the malicious programmer view or steal files from the hard drive.