vendor:
Java Virtual Machine
by:
SecurityFocus
7.5
CVSS
HIGH
Security Bypass
264
CWE
Product Name: Java Virtual Machine
Affected Version From: Microsoft Java Virtual Machine 5.0
Affected Version To: Microsoft Java Virtual Machine 5.0
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: a:microsoft:java_virtual_machine
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Microsoft Java Virtual Machine Security Bypass Vulnerability
The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be possible to escape the security constraints placed on the applet by the JVM. Code execution with the privileges of the victim user may be possible.
Mitigation:
Ensure that all Java applets are from trusted sources and that the latest security patches are applied.
