← back
CVE-2003-0896

CVE-2003-0896

EPSS 14.0%
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/23276unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lsd-pl.net/code/JVM/jre.tar.gzhttp://marc.info/?l=bugtraq&m=106692334503819&w=2http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1http://www.securityfocus.com/advisories/6028http://www.securityfocus.com/archive/1/342580http://www.securityfocus.com/archive/1/342583http://www.securityfocus.com/bid/8879