Vulnerability CVE-2002-0865


Published: 2002-10-11   Modified: 2012-02-12

Description:
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> Virtual machine 

 References:
http://www.iss.net/security_center/static/10135.php
http://www.kb.cert.org/vuls/id/140898
http://www.securityfocus.com/bid/5752
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052

Copyright 2022, cxsecurity.com

 

Back to Top