The Microsoft Java virtual machine (VM) build 5.0.3805 and previous versions, as used in Internet Explorer, allows remote malicious users to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft java virtual machine 1.1 |