Java Runtime Environment (JRE) Bytecode Verifier allows remote malicious users to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and previous versions as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and previous versions, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun jre 1.3.1 |
||
sun jre 1.1.8 |
||
hp java jre-jdk 1.1.8 |
||
hp java jre-jdk 1.3 |
||
sun sdk 1.2.2 10 |
||
sun jre 1.3.0 |
||
sun sdk 1.3.1 01 |
||
sun sdk 1.3.1 01a |
||
microsoft virtual machine 3802 |
||
sun jdk 1.1.8 |
||
sun sdk 1.3 05 |
||
hp java jre-jdk 1.2.2 |
||
sun sdk 1.2.2 010 |
||
sun jre 1.2.2 |