Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0111

5 documents5 sources
Severity
7.5HIGH
EPSS
39.3%
top 2.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Virtual Machine
Timeline
PublishedMay 5
Latest updateApr 29

Description

The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/virtual_machine3802, 3805, 3809+2

Patches

Patch: www.iss.netPatch: www.kb.cert.orgPatch: www.iss.net

🔴Vulnerability Details

3
GHSA
GHSA-83gw-hr2p-gg57: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 52022-04-29
CVEList
CVE-2003-0111: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 52003-04-15
VulnCheck
Microsoft Virtual Machine ByteCode Verifier Component Code Execution Vulnerability2003

💥Exploits & PoCs

1
Exploit-DB
Microsoft Java Virtual Machine 3802 Series - Bytecode Verifier2002-11-21
CVE-2003-0111 (HIGH CVSS 7.5) | The ByteCode Verifier component of | cvebase.io