Description
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
Affected products
- Microsoft / virtual_machine2000 – 2000
- Microsoft / virtual_machine3100 – 3100
- Microsoft / virtual_machine3200 – 3200
- Microsoft / virtual_machine3300 – 3300
- netscape / communicator4.0 – 4.0
- netscape / communicator4.04 – 4.04
- netscape / communicator4.05 – 4.05
- netscape / communicator4.5 – 4.5
- netscape / communicator4.06 – 4.06
- netscape / communicator4.6 – 4.6
- netscape / communicator4.07 – 4.07
- netscape / communicator4.7 – 4.7
- netscape / communicator4.08 – 4.08
- netscape / communicator4.51 – 4.51
- netscape / communicator4.61 – 4.61
- netscape / communicator4.72 – 4.72
- netscape / communicator4.73 – 4.73
- netscape / communicator4.74 – 4.74
References
- MISChttp://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI%40java-house.etl.go.jp
- MISChttp://www.securityfocus.com/bid/1545
- VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-15.html
- MISChttp://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail%40securityfocus.com