CVE-2002-1289

CVE Database · CVE-2002-1289

CVE-2002-1289

· N/AModified

CVSS v3.1

N/A

EPSS

16.31%

Published

Nov 29, 2002

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

Affected Products (1)

microsoft · java_virtual_machinevulnerable

References (8)

http://marc.info/?l=bugtraq&m=103682630823080&w=2

http://marc.info/?l=ntbugtraq&m=103684360031565&w=2

http://www.iss.net/security_center/static/10582.php

http://www.securityfocus.com/bid/6140

http://marc.info/?l=bugtraq&m=103682630823080&w=2

http://marc.info/?l=ntbugtraq&m=103684360031565&w=2

http://www.iss.net/security_center/static/10582.php

http://www.securityfocus.com/bid/6140

KEV Catalog EPSS Scores Vendors All CVEs