Virtual Machine Security Vulnerabilities and Issues — Virtual Machine CVE List

MicrosoftVirtual Machine

10 matches found

CVE•added 2002/03/07 5:0 a.m.•57 views

CVE-2002-0058

CVE-2002-0058 describes a vulnerability in the Java Runtime Environment where a web applet could abuse an HTTP proxy to hijack or sniff a client’s session by redirecting traffic to another server. Affected: Netscape 6.x (6.0–6.1) and 4.79 and earlier, and Microsoft VM builds 3802 and earlier (IE ...

5CVSS6.6AI score0.02808EPSS

CVE•added 2000/10/13 4:0 a.m.•55 views

CVE-2000-0711

Vulnerability summary (CVE-2000-0711) : Netscape Communicator fails to prevent a ServerSocket object from being created by untrusted entities, enabling a remote attacker to start a server on the victim’s system via a malicious applet (as demonstrated by Brown Orifice). The underlying issue is a f...

7.5CVSS7AI score0.07452EPSS

CVE•added 2004/09/01 4:0 a.m.•54 views

CVE-2002-0865

CVE-2002-0865 affects Microsoft Virtual Machine (VM) prior to 5.0.3805, where the XML-support class com.ms.osp.ospmrshl exposes unsafe methods that can permit remote code execution via a Java applet. Microsoft’s MS02-052 patch is the documented fix path; other sources (CERT/OpenVAS) identify this...

7.5CVSS7.1AI score0.06341EPSS

CVE•added 2003/04/02 5:0 a.m.•51 views

CVE-2002-0076

CVE-2002-0076 affects the Java Runtime Environment (JRE) Bytecode Verifier. The verifier flaw allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation. Affected are Microsoft VM builds up to 3802 (Internet Explorer 4.x/5.x) and Net...

7.5CVSS7.2AI score0.01075EPSS

CVE•added 2004/09/01 4:0 a.m.•50 views

CVE-2002-0866

CVE-2002-0866 affects Microsoft's Java VM JDBC classes, where JDBC functionality could be misused by a Java applet to load and execute a DLL via com.ms.jdbc.odbc.JdbcOdbc, with the DLL name terminated by a null string. The issue enables remote execution of DLLs from the client system, as describe...

7.5CVSS7AI score0.40562EPSS

CVE•added 2003/04/15 4:0 a.m.•50 views

CVE-2003-0111

The CVE-2003-0111 issue affects the ByteCode Verifier component of Microsoft Virtual Machine (VM) used in Windows/Internet Explorer, specifically build 5.0.3809 and earlier. The underlying flaw is that the VM bytecode verifier fails to properly check certain Java applets, allowing remote attacker...

7.5CVSS7.6AI score0.39318EPSS

CVE•added 2000/06/02 4:0 a.m.•49 views

CVE-2000-0327

Technical details for CVE-2000-0327 are not publicly provided in the supplied documents; monitor for updates.

7.6CVSS7.5AI score0.06364EPSS

CVE•added 2002/08/23 4:0 a.m.•46 views

CVE-2002-0979

CVE-2002-0979 concerns the Java logging feature of the JVM in Internet Explorer. The vulnerability arises when the JVM’s logging outputs (e.g., System.out.println) are written to a known pathname, which can be leveraged to execute arbitrary code. The available connected documents confirm the affe...

7.5CVSS7.6AI score0.02993EPSS

CVE•added 2004/09/01 4:0 a.m.•45 views

CVE-2002-0867

CVE-2002-0867 affects Microsoft Virtual Machine up to build 5.0.3805, enabling remote attackers to crash Internet Explorer via invalid handle data in a Java applet (Handle Validation Flaw). OpenVAS and CVE records corroborate this as part of MS02-052/related issues, with proposed remediation: app...

5CVSS6.6AI score0.05504EPSS

CVE•added 2000/02/08 5:0 a.m.•41 views

CVE-2000-0132

Microsoft Java Virtual Machine contains a flaw in getSystemResourceAsStream that allows remote attackers to read files. The CVE-2000-0132 entry is confirmed in the NVD, with a Network attack vector, high complexity, no authentication, and partial confidentiality impact (base score 2.6/10). The pr...

2.6CVSS7AI score0.05969EPSS