Vulnerability Type: Covert Channels in Microsoft JVM Impact: Allows Cross-Site Java Affected Product: Microsoft (R) VM for Java, 5.0 Release 5.0.0.3810 Exploit Mechanism: Core system classes can be manipulated to create covert channels, enabling data leakage and sandbox violations between applets from different websites. Proof of Concept Links: - A: http://www.tauwerkkunst.de/javatest/SiteA/CovAppletFNMap.html - B: http://www.beauchamp.de/tauwerk/javatest/SiteA/CovAppletFNMap.html Commands Used for Exploitation: - PUT/Key/Value: To create an entry in the shared hashtable - GET/Key: To read an entry from the shared hashtable Additional Resource: www.illegalaccess.org for more Java security information.