Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0076

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0076
Last Modified 05 Sep 2008 04:27:06
Published 19 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0076

Summary

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

Vulnerable Systems

Application

  • Hp Java Jre-jdk 1.1.8

  • Hp Java Jre-jdk 1.2.2

  • Hp Java Jre-jdk 1.3

  • Microsoft Virtual Machine 3802

  • Sun Jdk 1.1.8

  • Sun Jre 1.1.8

  • Sun Jre 1.2.2

  • Sun Jre 1.3.0

  • Sun Jre 1.3.1

  • Sun Sdk 1.2.2 010

  • Sun Sdk 1.2.2 10

  • Sun Sdk 1.3 05

  • Sun Sdk 1.3.1 01

  • Sun Sdk 1.3.1 01a


References

MS - MS02-013

SUN - 00218

BID - 4313

XF - java-vm-verifier-variant(8480)


Last Updated: 27 May 2016 10:36:46