Java Runtime Environment (JRE) Bytecode Verifier allows remote malicious users to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and previous versions as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and previous versions, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp java jre-jdk 1.1.8 |
||
hp java jre-jdk 1.2.2 |
||
sun jre 1.2.2 |
||
sun jre 1.3.0 |
||
sun jre 1.1.8 |
||
hp java jre-jdk 1.3 |
||
microsoft virtual machine 3802 |
||
sun jre 1.3.1 |
||
sun sdk 1.3.1_01 |
||
sun sdk 1.3.1_01a |
||
sun sdk 1.3_05 |
||
sun jdk 1.1.8 |
||
sun sdk 1.2.2_010 |
||
sun sdk 1.2.2_10 |