ID CVE-2003-0111
Summary The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_machine:3809:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_machine:3809:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2004-06-16T12:00:00.000-04:00
class vulnerability
contributors
name Tiffany Bergeron
organization The MITRE Corporation
description The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
family windows
id oval:org.mitre.oval:def:136
status accepted
submitted 2004-04-30T12:00:00.000-04:00
title Microsoft Java Virtual Machine Security Bypass
version 63
refmap via4
cert-vn VU#447569
ms MS03-011
xf msvm-bytecode-improper-validation(11751)
Last major update 30-04-2019 - 14:27
Published 05-05-2003 - 04:00
Back to Top