CVE-2002-0076
First published: Tue Mar 19 2002(Updated: )
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Java Runtime Environment | =1.1.8 | |
| Java Runtime Environment | =1.2.2 | |
| Java Runtime Environment | =1.3 | |
| Microsoft Java Virtual Machine | =3802 | |
| Java Development Kit (JDK) | =1.1.8-update14 | |
| Java Development Kit (JDK) | =1.1.8-update8 | |
| Sun Java Runtime Environment (JRE) | =1.1.8-update14 | |
| Sun Java Runtime Environment (JRE) | =1.1.8-update8 | |
| Sun Java Runtime Environment (JRE) | =1.2.2-update10 | |
| Sun Java Runtime Environment (JRE) | =1.3.0-update5 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1 | |
| Sun Java Runtime Environment (JRE) | =1.3.1-update1a | |
| Java Development Kit (JDK) | =1.2.2_10 | |
| Java Development Kit (JDK) | =1.2.2_010 | |
| Java Development Kit (JDK) | =1.3.1_01 | |
| Java Development Kit (JDK) | =1.3.1_01a | |
| Java Development Kit (JDK) | =1.3_05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0076?
CVE-2002-0076 is considered a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2002-0076?
To fix CVE-2002-0076, users should upgrade to a patched version of the Java Runtime Environment.
What systems are affected by CVE-2002-0076?
CVE-2002-0076 affects various versions of the Java Runtime Environment, including versions 1.1.8 and 1.3.x provided by Sun and HP.
Can CVE-2002-0076 be exploited remotely?
Yes, CVE-2002-0076 can be exploited remotely through malicious Java applets.
Is CVE-2002-0076 still a threat today?
While CVE-2002-0076 primarily affects legacy systems, it remains a potential threat if outdated software is still in use.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/hp
- canonical/java runtime environment
- version/java runtime environment/1.1.8
- version/java runtime environment/1.2.2
- version/java runtime environment/1.3
- vendor/microsoft
- canonical/microsoft java virtual machine
- version/microsoft java virtual machine/3802
- vendor/sun
- canonical/java development kit (jdk)
- version/java development kit (jdk)/1.1.8-update14
- version/java development kit (jdk)/1.1.8-update8
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.1.8-update14
- version/sun java runtime environment (jre)/1.1.8-update8
- version/sun java runtime environment (jre)/1.2.2-update10
- version/sun java runtime environment (jre)/1.3.0-update5
- version/sun java runtime environment (jre)/1.3.1-update1
- version/sun java runtime environment (jre)/1.3.1-update1a
- version/java development kit (jdk)/1.2.2_10
- version/java development kit (jdk)/1.2.2_010
- version/java development kit (jdk)/1.3.1_01
- version/java development kit (jdk)/1.3.1_01a
- version/java development kit (jdk)/1.3_05