Vulnerability CVE-2000-0162 - CERT Civis.Net

Vulnerability Name:

CVE-2000-0162 (CCN-4024)

Assigned:

2000-02-18

Published:

2000-02-18

Updated:

2021-07-22

Summary:

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2000-0162

Source: CCN
Type: Microsoft Security Bulletin MS00-011 FAQ
Microsoft Security Bulletin (MS00-011): Frequently Asked Questions

Source: CCN
Type: Microsoft Security Bulletin MS00-081 FAQ
Microsoft Security Bulletin (MS00-081): Frequently Asked Questions

Source: CCN
Type: Microsoft Security Bulletin MS00-011
Patch Available for "VM File Reading" Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS00-081
Patch Available for New Variant of "VM File Reading" Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS02-013
04 March 2002 Cumulative VM Update

Source: CCN
Type: Microsoft Security Bulletin MS02-069
Flaw in Microsoft VM Could Enable System Compromise (810030)

Source: CCN
Type: Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable System Compromise (816093)

Source: CCN
Type: OSVDB ID: 7831
Microsoft IE Virtual Machine Java Applet Sandbox Bypass

Source: CCN
Type: BID-957
Microsoft Java Virtual Machine getSystemResource Vulnerability

Source: CCN
Type: SmartComputing Reference Series Article, May 2001, Vol.5 Issue 2, Page(s) 20-22 in print issue
Pouring On The Java: Use Of Java & Java Applets Gets More Popular On The Web

Source: MS
Type: UNKNOWN
MS00-011

Source: XF
Type: UNKNOWN
msvm-java-file-read(4024)

Source: CCN
Type: Microsoft Knowledge Base Article 240346
Malicious Java Applet May Be Able to Read, Write, or Delete Files on the Computer of a Web Site Visitor

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*

OR cpe:/a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*

OR cpe:/a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*

OR cpe:/a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:java_virtual_machine:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:-:*:*:*:*:*:*

Denotes that component is vulnerable