Security Flaw in Microsoft Java Virtual Machine for Internet Explorer
CVE-2002-1292

Currently unrated

Key Information:

Vendor: Microsoft
Status: Java Virtual Machine
Vendor: CVE Published:; 29 November 2002

What is CVE-2002-1292?

The Microsoft Java Virtual Machine utilized in Internet Explorer up to version 5.0.3805 is susceptible to a security flaw that enables remote attackers to manipulate the Standard Security Manager (SSM) class settings. By altering the 'deniedDefinitionPackages' or 'deniedAccessPackages' configurations, attackers can bypass security restrictions, potentially leading to denial of service as malicious Java applets may be improperly approved for execution. This flaw emphasizes the importance of updating vulnerable products to maintain security integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10585

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/6133

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2002
Vulnerability Reserved
Nov 13, 2002