// For flags

CVE-2002-1295

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

La implementación de Java de Microsoft, como la usada en Interntet Explorer, permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente llevar a cabo otras actividades no autorizadas mediante etiquetas de applets en HTML que evitan las restricciones de las clases de Java (como constructores privados) dando el nombre de la clase en parámetro del código.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2002-11-13 CVE Reserved
  • 2002-11-14 CVE Published
  • 2023-04-25 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Java Virtual Machine
Search vendor "Microsoft" for product "Java Virtual Machine"
 1.1
Search vendor "Microsoft" for product "Java Virtual Machine" and version "1.1"
-
Affected