CVE-2003-0111
published 2003-05-05CVE-2003-0111: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers…
PriorityP267high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
41.21%
98.5th percentile
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | virtual_machine | — | — |
| microsoft | virtual_machine | — | — |
| microsoft | virtual_machine | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target is Microsoft VM build 5.0.3809 and earlier (including 3802 series). Detect or block Java applet delivery to clients running these VM versions. ↗
- →Exploitation vector is a malicious Java applet crafted at the bytecode level to bypass the ByteCode Verifier. Monitor for Java applet downloads (.class/.jar) from untrusted sources in Internet Explorer traffic. ↗
- →Successful exploitation results in code execution with the privileges of the victim user. Monitor for unexpected child processes spawned from the Microsoft VM process (jview.exe / wjview.exe). ↗
- ·Vulnerability is specific to the ByteCode Verifier component of Microsoft VM. Only Microsoft VM builds 5.0.3809 and earlier are affected; non-Microsoft JVM implementations are not in scope. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-83gw-hr2p-gg57: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5
ghsa_unreviewed·2022-04-29
CVE-2003-0111 [HIGH] GHSA-83gw-hr2p-gg57: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
VulnCheck
Microsoft Virtual Machine ByteCode Verifier Component Code Execution Vulnerability
vulncheck·2003·CVSS 7.5
CVE-2003-0111 [HIGH] Microsoft Virtual Machine ByteCode Verifier Component Code Execution Vulnerability
Microsoft Virtual Machine ByteCode Verifier Component Code Execution Vulnerability
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
Affected: Microsoft virtual_machine
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
No detection rules found.
No writeups or analysis indexed.
http://www.iss.net/security_center/static/11751.phphttp://www.kb.cert.org/vuls/id/447569https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136http://www.iss.net/security_center/static/11751.phphttp://www.kb.cert.org/vuls/id/447569https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136
2003-05-05
Published
Exploited in the wild