FRISK Software International

Summary of IE/VMActiveX.exploit
Discovered: 12 Oct 2000
Risk Level: Low
Payload: This vulnerability allows malicious JavaApplets to create and use ActiveX controls which can result in a full compromise of the users system
Jump to:
Technical description
Removal Instructions

Technical Description
Microsoft ships its own virtual machine which runs on top of all their 32-bit Windows system, Windows 95/98/Me and Windows NT/2000. In oktober 2000 a vulnerability which came to be known as the VM.ActiveX.component vulnerability was discovered. When exploited, this vulnerability allows the creation and execution of ActiveX controls by unsigned Java applets, which in turn can take any action the user is capable of on his computer, based on access-rights etc. This vulnerabilty can be exploited certain means both locally and remotely, e.g. through a malicious web-page viewed in a vulnerable version of Internet Explorer 4.0 and 5.0 and through a specially formatted e-mail message. This vulnerability is exploited by couple of viruses, for example the Redlof virus.

Removal Instructions
This vulnerability was addresses quite some time by Microsoft, a patch and more information are available from the following location

Sindri Bjarnason - virus analyst, FRISK Software Int.

Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)