CVE-2002-0076 - Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox

CVE-2002-0076

Summary

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:hp:java_jre-jdk:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:java_jre-jdk:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:hp:java_jre-jdk:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:java_jre-jdk:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:hp:java_jre-jdk:1.3:*:*:*:*:*:*:*
cpe:2.3:a:hp:java_jre-jdk:1.3:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.1.8:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.1.8:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.1.8:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.1.8:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.1.8:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.2.2:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.2.2:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1:update1a:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.2.2_010:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.2.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3_05:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 12-10-2018 - 21:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	4313
compaq	SSRT0822
sun	00218
xf	java-vm-verifier-variant(8480)

Last major update

12-10-2018 - 21:31

Published

19-03-2002 - 05:00

Last modified

12-10-2018 - 21:31