CVE-2002-0076

high HPE
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
1.1%
Exploitation probability in 30 days
Top 22% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: March 19, 2002 (8822 days ago)
Last Modified: April 16, 2026
Vendor: HPE
Source: NVD

Description

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

CWE

NVD-CWE-Other

Affected Products

hp java jre-jdkmicrosoft virtual machinesun jdksun jresun sdk

References

🔗 sunsolve.sun.com 🔗 www.iss.net 🔗 www.securityfocus.com 🔗 docs.microsoft.com 🔗 sunsolve.sun.com