Java Implementation Vulnerability in Internet Explorer by Microsoft
CVE-2002-1288

Currently unrated

Key Information:

Vendor: Microsoft
Status: Java Virtual Machine
Vendor: CVE Published:; 29 November 2002

Summary

The Java implementation provided by Microsoft, when used in Internet Explorer, contains a vulnerability that enables remote attackers to exploit the getAbsolutePath() method within a File() call. This can allow the malicious individuals to determine the current working directory of the Internet Explorer process. Such exposure might lead to more significant attacks if combined with other vulnerabilities, demonstrating the importance of managing and patching Java components within applications.

References

http://marc.info/?l=ntbugtraq&m=103684360031565&w=2

mailing-listx_refsource_NTBUGTRAQ

http://www.securityfocus.com/bid/6139

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=103682630823080&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 29, 2002
Vulnerability Reserved
Nov 13, 2002