CVE-2002-2022 - Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrar

CVE-2002-2022

Summary

Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.

References

http://cert.uni-stuttgart.de/archive/vuln-dev/2002/03/msg00050.html
http://www.iss.net/security_center/static/8399.php
http://www.securityfocus.com/bid/4249

Vulnerable Configurations

cpe:2.3:a:kaffe:kaffe_openvm:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:kaffe:kaffe_openvm:1.0.6:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 05-09-2008 - 20:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	4249
vuln-dev	20020305 Latest Kaffe Java Virtual Machine Format Strings issue.
xf	openvm-class-format-strings(8399)

Last major update

05-09-2008 - 20:32

Published

31-12-2002 - 05:00

Last modified

05-09-2008 - 20:32