CVE-2002-1292

3 documents3 sources
Severity
7.5HIGH
EPSS
7.7%
top 8.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Java Virtual Machine
Timeline
PublishedNov 29
Latest updateApr 30

Description

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gfp5-236c-x53v: The Microsoft Java virtual machine (VM) build 52022-04-30
CVEList
CVE-2002-1292: The Microsoft Java virtual machine (VM) build 52002-11-14
CVE-2002-1292 (HIGH CVSS 7.5) | The Microsoft Java virtual machine | cvebase.io