Java Virtual Machine@1.1 Security Vulnerabilities and Issues — Java Virtual Machine@1.1 CVE List

Lucene search

MicrosoftJava Virtual Machine1.1

10 matches found

CVE•added 2002/11/29 5:0 a.m.•50 views

CVE-2002-1286

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the secur...

7.5CVSS6.7AI score0.06953EPSS

CVE•added 2002/11/29 5:0 a.m.•50 views

CVE-2002-1295

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in ...

7.5CVSS6.8AI score0.03068EPSS

CVE•added 2002/11/29 5:0 a.m.•44 views

CVE-2002-1292

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) denie...

7.5CVSS6.7AI score0.07677EPSS

CVE•added 2002/11/29 5:0 a.m.•40 views

CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (IN...

7.5CVSS8.1AI score0.06456EPSS

CVE•added 2002/11/29 5:0 a.m.•38 views

CVE-2002-1287

Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.

5CVSS7.4AI score0.06096EPSS

CVE•added 2002/11/29 5:0 a.m.•37 views

CVE-2002-1293

The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.

7.5CVSS7.1AI score0.02518EPSS

CVE•added 2002/11/29 5:0 a.m.•36 views

CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.

5CVSS7AI score0.06387EPSS

CVE•added 2002/11/29 5:0 a.m.•36 views

CVE-2002-1294

The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses...

7.5CVSS7AI score0.05586EPSS

CVE•added 2002/11/29 5:0 a.m.•35 views

CVE-2002-1288

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.

5CVSS6.9AI score0.05416EPSS

CVE•added 2002/11/29 5:0 a.m.•33 views

CVE-2002-1290

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.

6.4CVSS6.9AI score0.05139EPSS