Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2248

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-2248
Last Modified 05 Sep 2008 04:32:43
Published 31 Dec 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2248

Summary

Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

Vulnerable Systems

Application

  • Netscape Communicator 4.0

  • Netscape Communicator 4.5

  • Netscape Communicator 4.51

  • Netscape Communicator 4.6

  • Netscape Communicator 4.61

  • Netscape Communicator 4.7

  • Netscape Communicator 4.72

  • Netscape Communicator 4.73

  • Netscape Communicator 4.74

  • Netscape Communicator 4.75

  • Netscape Communicator 4.76

  • Netscape Communicator 4.77

  • Netscape Communicator 4.78

  • Netscape Communicator 4.79


References

XF - netscape-applet-canconvert-bo(10706)

BID - 6256

BUGTRAQ - 20021126 Netscape 4 Java buffer overflow


Last Updated: 27 May 2016 10:37:40