7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.059 Low
EPSS
Percentile
93.5%
The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet.
The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder could run arbitrary code on the victim’s machine. For more information, please see Microsoft Security Bulletin MS03-011.
After convincing a victim to download and run a malicious Java applet, an intruder could run arbitrary code with the privileges of the victim.
Apply a patch as described in Microsoft Security Bulletin MS03-011.
In addition to applying the patch, we strongly recommend the security updates to Microsoft Outlook as described in <http://office.microsoft.com/Downloads/2000/Out2ksec.aspx>.
Javascript is disabled. Click here to view vendors.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Microsoft for reporting and correcting this vulnerability.
This document was written by Shawn V Hernan based on information provided by Microsoft in Microsoft Security Bulletin MS03-011.
CVE IDs: | CVE-2003-0111 |
---|---|
Severity Metric: | 2.25 Date Public: |
office.microsoft.com/Downloads/2000/Out2ksec.aspx
www.microsoft.com/security/security_bulletins/ms03-011.asp
www.microsoft.com/technet/security/bulletin/MS03-011.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-011.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-081.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-013.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-031.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-031.asp
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-045.asp