Lucene search

MitreCVE-2002-0865

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-0865

2004-09-0104:00:00

mitre

web.nvd.nist.gov

security

microsoft vm

xml

java applet

cve-2002-0865

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.009

Percentile

82.4%

JSON

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka “Inappropriate Methods Exposed in XML Support Classes.”

Affected configurations

Nvd

Node

microsoftvirtual_machineMatch2000

microsoftvirtual_machineMatch3000

microsoftvirtual_machineMatch3100

microsoftvirtual_machineMatch3188

microsoftvirtual_machineMatch3200

microsoftvirtual_machineMatch3300

microsoftvirtual_machineMatch3802

microsoftvirtual_machineMatch3805

VendorProductVersionCPE
microsoftvirtual_machine2000cpe:2.3:a:microsoft:virtual_machine:2000:*:*:*:*:*:*:*
microsoftvirtual_machine3000cpe:2.3:a:microsoft:virtual_machine:3000:*:*:*:*:*:*:*
microsoftvirtual_machine3100cpe:2.3:a:microsoft:virtual_machine:3100:*:*:*:*:*:*:*
microsoftvirtual_machine3188cpe:2.3:a:microsoft:virtual_machine:3188:*:*:*:*:*:*:*
microsoftvirtual_machine3200cpe:2.3:a:microsoft:virtual_machine:3200:*:*:*:*:*:*:*
microsoftvirtual_machine3300cpe:2.3:a:microsoft:virtual_machine:3300:*:*:*:*:*:*:*
microsoftvirtual_machine3802cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
microsoftvirtual_machine3805cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	virtual_machine	2000	cpe:2.3:a:microsoft:virtual_machine:2000:::::::*
microsoft	virtual_machine	3000	cpe:2.3:a:microsoft:virtual_machine:3000:::::::*
microsoft	virtual_machine	3100	cpe:2.3:a:microsoft:virtual_machine:3100:::::::*
microsoft	virtual_machine	3188	cpe:2.3:a:microsoft:virtual_machine:3188:::::::*
microsoft	virtual_machine	3200	cpe:2.3:a:microsoft:virtual_machine:3200:::::::*
microsoft	virtual_machine	3300	cpe:2.3:a:microsoft:virtual_machine:3300:::::::*
microsoft	virtual_machine	3802	cpe:2.3:a:microsoft:virtual_machine:3802:::::::*
microsoft	virtual_machine	3805	cpe:2.3:a:microsoft:virtual_machine:3805:::::::*

References

www.iss.net/security_center/static/10135.php

www.kb.cert.org/vuls/id/140898

www.securityfocus.com/bid/5752

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.009

Percentile

82.4%

JSON

Related for CVE-2002-0865