CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/6136
http://www.iss.net/security_center/static/10588.php
http://marc.info/?l=bugtraq&m=103682630823080&w=2
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*

Information

Published : 2002-11-28 21:00

Updated : 2018-10-12 14:32

NVD link : CVE-2002-1295

Mitre link : CVE-2002-1295

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

java_virtual_machine

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/6136", "name": "6136", "tags": [], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/10588.php", "name": "msvm-html-applet-dos(10588)", "tags": [], "refsource": "XF"}, {"url": "http://marc.info/?l=bugtraq&m=103682630823080&w=2", "name": "20021108 Technical information about unpatched MS Java vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2", "name": "20021108 Technical information about unpatched MS Java vulnerabilities", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069", "name": "MS02-069", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka \"Incomplete Java Object Instantiation Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1295", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-11-29T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:32Z"}

7.5 /10