Vulnerability Details CVE-2002-1295
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=103682630823080&w=2
- http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
- http://www.iss.net/security_center/static/10588.php
- http://www.securityfocus.com/bid/6136
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
- http://marc.info/?l=bugtraq&m=103682630823080&w=2
- http://marc.info/?l=ntbugtraq&m=103684360031565&w=2
- http://www.iss.net/security_center/static/10588.php
- http://www.securityfocus.com/bid/6136
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
Products affected by CVE-2002-1295
-
cpe:2.3:a:microsoft:java_virtual_machine:1.1