Security Flaw in Microsoft Java Virtual Machine for Internet Explorer
CVE-2002-1292

Currently unrated

Key Information:

Vendor
Microsoft
Status
Java Virtual Machine
Vendor
CVE Published:
29 November 2002

Summary

The Microsoft Java Virtual Machine utilized in Internet Explorer up to version 5.0.3805 is susceptible to a security flaw that enables remote attackers to manipulate the Standard Security Manager (SSM) class settings. By altering the 'deniedDefinitionPackages' or 'deniedAccessPackages' configurations, attackers can bypass security restrictions, potentially leading to denial of service as malicious Java applets may be improperly approved for execution. This flaw emphasizes the importance of updating vulnerable products to maintain security integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10585
vdb-entryx_refsource_XF
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/6133
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2002-1292 : Security Flaw in Microsoft Java Virtual Machine for Internet Explorer | SecurityVulnerability.io