CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-1289

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.065

EPSS Ranking 90.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://marc.info/?l=bugtraq&m=103682630823080&w=2
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
http://www.iss.net/security_center/static/10582.php
http://www.securityfocus.com/bid/6140
http://marc.info/?l=bugtraq&m=103682630823080&w=2
http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
http://www.iss.net/security_center/static/10582.php
http://www.securityfocus.com/bid/6140

Products affected by CVE-2002-1289

Microsoft » Java Virtual Machine » Version: 1.1

cpe:2.3:a:microsoft:java_virtual_machine:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1289

Products

Pricing

Contact Us