CVE-2002-0076

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the Virtual Machine Verifier vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Java_jre-jdk	Hp	1.1.8 (including)	1.1.8 (including)
Java_jre-jdk	Hp	1.2.2 (including)	1.2.2 (including)
Java_jre-jdk	Hp	1.3 (including)	1.3 (including)
Virtual_machine	Microsoft	3802 (including)	3802 (including)
Jdk	Sun	1.1.8-update14 (including)	1.1.8-update14 (including)
Jdk	Sun	1.1.8-update8 (including)	1.1.8-update8 (including)
Jre	Sun	1.1.8-update14 (including)	1.1.8-update14 (including)
Jre	Sun	1.1.8-update8 (including)	1.1.8-update8 (including)
Jre	Sun	1.2.2-update10 (including)	1.2.2-update10 (including)
Jre	Sun	1.3.0-update5 (including)	1.3.0-update5 (including)
Jre	Sun	1.3.1-update1 (including)	1.3.1-update1 (including)
Jre	Sun	1.3.1-update1a (including)	1.3.1-update1a (including)
Sdk	Sun	1.2.2_10 (including)	1.2.2_10 (including)
Sdk	Sun	1.2.2_010 (including)	1.2.2_010 (including)
Sdk	Sun	1.3.1_01 (including)	1.3.1_01 (including)
Sdk	Sun	1.3.1_01a (including)	1.3.1_01a (including)
Sdk	Sun	1.3_05 (including)	1.3_05 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0076
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References