CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service crash, and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices...

CVE-2002-1286

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the...

CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" null character URL...

CVE-2002-1293

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0 method for the CabCracker class com.ms.vm.loader.CabCracker, which allows remote attackers to bypass the security checks that are performed by the load method...

CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the 1 ClipBoardGetText and 2 ClipBoardSetText methods of the INativeServices class...

CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service crash and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions such as private constructors by providing the class name in th...

Microsoft Java Virtual Machine Bytecode Verifier Vulnerability

Description The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be...

Microsoft Java Virtual Machine 3802 Series - Bytecode Verifier

source: https://www.securityfocus.com/bid/6221/info The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to perform some illegal operations. If...

CVE-2002-1286

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the...

CVE-2002-1294

The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service crash due to illegal memory accesses and possibly conduct other unauthorized activities via an applet that uses...

CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service crash, and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices...

CVE-2002-1288

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath method in a File call...

CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" null character URL...

CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the 1 ClipBoardGetText and 2 ClipBoardSetText methods of the INativeServices class...

EUVD-2002-1275

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" null character URL...

CVE-2002-1293

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0 method for the CabCracker class com.ms.vm.loader.CabCracker, which allows remote attackers to bypass the security checks that are performed by the load method...

CVE-2002-1292

The Microsoft Java virtual machine VM build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager SSM class com.ms.security.StandardSecurityManager and bypass intended StandardSecurityManager restrictions by modifying the 1...

CVE-2002-1287

Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through 1 Class.forName or 2 ClassLoader.loadClass...

CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service crash and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions such as private constructors by providing the class name in th...

Technical information about unpatched MS Java vulnerabilities

These are some technical details about the security vulnerabilities I've found in Microsoft's Java implementatation. They were reported to the vendor mostly during August 2002. Microsoft no longer responds to my inqueries and doesn't seem to react about these severe vulnerabilities which affect...