CVE-2002-1292

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/237777	US Government Resource
http://www.securityfocus.com/bid/6133
http://marc.info/?l=bugtraq&m=103682630823080&w=2
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/10585
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*

Information

Published : 2002-11-28 21:00

Updated : 2018-10-12 14:32

NVD link : CVE-2002-1292

Mitre link : CVE-2002-1292

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

java_virtual_machine

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/237777", "name": "VU#237777", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/6133", "name": "6133", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=103682630823080&w=2", "name": "20021108 Technical information about unpatched MS Java vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2", "name": "20021108 Technical information about unpatched MS Java vulnerabilities", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10585", "name": "msvm-ssm-restriction-bypass(10585)", "tags": [], "refsource": "XF"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069", "name": "MS02-069", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1292", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-11-29T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:32Z"}

7.5 /10