12 matches found
CVE-2004-0723
CVE-2004-0723 affects the Microsoft Java VM 5.0.0.3810. The issue allows a remote attacker to bypass sandbox restrictions and read/write data between applets from different domains via the GET/Key and PUT/Key/Value commands (cross-site Java). The provided documents identify the vulnerable compone...
CVE-2002-1286
The CVE-2002-1286 issue affects the Microsoft Java implementation used by Internet Explorer. The underlying vulnerability is improper parsing of URLs whose domain portion contains a colon, allowing a remote attacker to load a Java applet from a malicious site within the security context of the si...
CVE-2002-1295
The CVE-2002-1295 entry concerns the Microsoft Java VM used by Internet Explorer. The vulnerability arises when HTML applet tags bypass Java class restriction checks by supplying the class name in the code parameter, allowing remote attackers to cause a crash (denial of service) and potentially p...
CVE-2002-1292
The CVE-2002-1292 entry concerns the Microsoft Java VM (MSJVM) in Internet Explorer up to build 5.0.3805. A vulnerability allows remote attackers to extend the Standard Security Manager (com.ms.security.StandardSecurityManager) by modifying deniedDefinitionPackages or deniedAccessPackages, leadin...
CVE-1999-0766
CVE-1999-0766: Multiple sources describe a vulnerability in the Microsoft Java Virtual Machine where a malicious Java applet can escape the sandbox and execute arbitrary commands outside it. The underlying issue is that the applet’s actions are not properly restricted by the sandbox, enabling co...
CVE-2002-1289
The CVE-2002-1289 entry concerns the Microsoft Java implementation used in Internet Explorer. The vulnerability arises in getNativeServices, which creates an instance of com.ms.awt.peer.INativeServices (INativeServices) and does not verify the memory addresses passed to its methods, allowing remo...
CVE-2002-1287
The CVE concerns Microsoft’s Java implementation used by Internet Explorer. A stack-based buffer overflow occurs in the Java runtime when handling long class names via Class.forName or ClassLoader.loadClass, allowing a remote attacker to cause a denial of service. The affected component is the Mi...
CVE-2002-1293
The CVE concerns the Microsoft Java implementation used in Internet Explorer. A public load0() method in the CabCracker class (com.ms.vm.loader.CabCracker) allows remote attackers to bypass security checks performed by load(), enabling potential bypass of authentication/validation logic. The vuln...
CVE-2002-1294
CVE-2002-1294 affects the Microsoft Java implementation used by Internet Explorer. The vulnerability arises when HTML object references to applets are exposed via JavaScript, allowing a remote attacker to cause a denial-of-service crash (illegal memory accesses) and potentially perform other unau...
CVE-2002-1288
CVE-2002-1288 affects the Microsoft Java implementation used in Internet Explorer. The vulnerability arises when a getAbsolutePath() call on a File() object enables remote attackers to determine the current directory of the Internet Explorer process. This is an information-disclosure issue. The pr...
CVE-2002-1291
The vulnerability CVE-2002-1291 affects the Microsoft Java implementation used in Internet Explorer. An applet tag with a codebase set to a "file://%00" URL can allow remote attackers to read arbitrary local files and network shares. The provided documents identify the affected component and the ...
CVE-2002-1290
The CVE-2002-1290 entry describes a vulnerability in the Microsoft Java implementation used by Internet Explorer. An applet can abuse the INativeServices ClipBoardGetText/ClipBoardSetText interfaces to read and modify the user’s clipboard contents. This yields potential unauthorized disclosure an...