CVE-2002-1288

3 documents3 sources

Severity

5.0MEDIUM

EPSS

8.8%

top 7.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Java Virtual Machine

Timeline

PublishedNov 29

Latest updateApr 30

Description

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/java_virtual_machine1.1

🔴Vulnerability Details

GHSA

GHSA-94r6-2p96-fcrh: The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer p↗2022-04-30

▶

CVEList

CVE-2002-1288: The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer p↗2002-11-14

▶