User Directory Exposure in Microsoft Virtual Machine by Microsoft
CVE-2002-1325

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows 2000 Terminal Services; Windows Xp; Windows 2000
Vendor: CVE Published:; 23 December 2002

Summary

The vulnerability discovered in Microsoft Virtual Machine allows unauthorized remote attackers to access sensitive information regarding local user accounts. Specifically, the Java applet's ability to retrieve the user.dir system property can reveal usernames, posing a security risk for affected systems. Users operating on Microsoft Virtual Machine build 5.0.3805 or earlier are advised to update their software to mitigate this risk and protect their privacy.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/6380

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2002
Vulnerability Reserved
Nov 26, 2002