| Vulnerability Name: | CCN-5440 | ||||||
| Published: | 2000-10-18 | ||||||
| Updated: | 2000-10-18 | ||||||
| Summary: | Microsoft Virtual Machine (VM) could allow a malicious Web site operator to read files on a visiting user's computer through a malicious Java applet. The Microsoft VM allows Java applets to be run on Windows operating systems. A malicious Web site operator could read files from a visiting user's computer if the exact name and location of the files were known. If the visiting user is within an intranet, an attacker could also read files on the user's intranet. Affected is vulnerable as well. | ||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||
| Vulnerability Consequences: | File Manipulation | ||||||
| References: | Source: CCN Type: Georgi Guninski Security Advisory #24 IE 5.5/Outlook java security vulnerability - reading arbitrary local files and URLs Source: CCN Type: Microsoft Security Bulletin MS00-081 Patch Available for New Variant of "VM File Reading" Vulnerability Source: CCN Type: Microsoft Security Bulletin MS02-013 04 March 2002 Cumulative VM Update Source: CCN Type: Microsoft Security Bulletin MS02-069 Flaw in Microsoft VM Could Enable System Compromise (810030) Source: CCN Type: Microsoft Security Bulletin MS03-011 Flaw in Microsoft VM Could Enable System Compromise (816093) Source: CCN Type: BID-1812 Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability Source: CCN Type: SmartComputing Reference Series Article, May 2001, Vol.5 Issue 2, Page(s) 20-22 in print issue Pouring On The Java: Use Of Java & Java Applets Gets More Popular On The Web Source: XF Type: UNKNOWN vm-java-codebase-exe(5440) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||