Unrated severityNVD Advisory· Published Nov 29, 2002· Updated Apr 16, 2026

CVE-2002-1292

Description

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

Affected products

Microsoft/Java Virtual Machine
cpe:2.3:a:microsoft:java_virtual_machine:1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/237777nvdUS Government Resource
marc.infonvd
marc.infonvd
www.securityfocus.com/bid/6133nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069nvd
exchange.xforce.ibmcloud.com/vulnerabilities/10585nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000