Lucene search

[email protected]CVE-2002-1289

HistoryNov 29, 2002 - 5:00 a.m.

CVE-2002-1289

2002-11-2905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

java

internet explorer

vulnerability

remote attack

memory read

denial of service

arbitrary code execution

nvd

cve-2002-1289

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

CPENameOperatorVersion
microsoft:java_virtual_machinemicrosoft java virtual machineeq1.1

CPE	Name	Operator	Version
microsoft:java_virtual_machine	microsoft java virtual machine	eq	1.1

References

marc.info/?l=bugtraq&m=103682630823080&w=2

marc.info/?l=ntbugtraq&m=103684360031565&w=2

www.iss.net/security_center/static/10582.php

www.securityfocus.com/bid/6140

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.4%

JSON