cbcvebase.
CVE-2003-0111
published 2003-05-05

CVE-2003-0111: The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers…

PriorityP267high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
41.21%
98.5th percentile
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftvirtual_machine
microsoftvirtual_machine
microsoftvirtual_machine

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22027-1.tar.gz
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22027-2.tar.gz
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22027-3.tar.gz
  • Target is Microsoft VM build 5.0.3809 and earlier (including 3802 series). Detect or block Java applet delivery to clients running these VM versions.
  • Exploitation vector is a malicious Java applet crafted at the bytecode level to bypass the ByteCode Verifier. Monitor for Java applet downloads (.class/.jar) from untrusted sources in Internet Explorer traffic.
  • Successful exploitation results in code execution with the privileges of the victim user. Monitor for unexpected child processes spawned from the Microsoft VM process (jview.exe / wjview.exe).
  • ·Vulnerability is specific to the ByteCode Verifier component of Microsoft VM. Only Microsoft VM builds 5.0.3809 and earlier are affected; non-Microsoft JVM implementations are not in scope.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.