The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
References
Configurations
History
20 Nov 2024, 23:40
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=103682630823080&w=2 - | |
References | () http://marc.info/?l=ntbugtraq&m=103684360031565&w=2 - | |
References | () http://www.iss.net/security_center/static/10582.php - | |
References | () http://www.securityfocus.com/bid/6140 - |
Information
Published : 2002-11-29 05:00
Updated : 2024-11-20 23:40
NVD link : CVE-2002-1289
Mitre link : CVE-2002-1289
CVE.ORG link : CVE-2002-1289
JSON object : View
Products Affected
microsoft
- java_virtual_machine
CWE