Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0711

4 documents4 sources
Severity
7.5HIGH
EPSS
7.5%
top 8.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Virtual MachineNetscape Communicator
Timeline
PublishedOct 20
Latest updateApr 30

Description

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDnetscape/communicator14 versions+13
NVDmicrosoft/virtual_machine4 versions+3

Patches

Patch: www.cert.orgPatch: www.securityfocus.comPatch: www.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-ww6p-x9mv-7hjc: Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to creat2022-04-30
CVEList
CVE-2000-0711: Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to creat2000-10-13

💥Exploits & PoCs

1
Exploit-DB
Sun JDK 1.1.x / Sun JRE 1.1.x - Listening Socket2000-08-03
CVE-2000-0711 (HIGH CVSS 7.5) | Netscape Communicator does not prop | cvebase.io