NVD Vulnerability Detail

CVE-2002-1325

Summary	Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
Publication Date	Dec. 23, 2002, 2 p.m.
Registration Date	Jan. 29, 2021, 6:04 p.m.
Last Update	April 30, 2019, 11:27 p.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000::sp3::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::::::::
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp3::::::*
cpe:2.3:o:microsoft:windows_95::::::::
cpe:2.3:o:microsoft:windows_95::sr2::::::*
cpe:2.3:o:microsoft:windows_98::gold::::::*
cpe:2.3:o:microsoft:windows_98se::::::::
cpe:2.3:o:microsoft:windows_me::::::::
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:::::*
cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
cpe:2.3:o:microsoft:windows_xp::sp1:home:::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.securityfocus.com/bid/6380	BID
2	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069	MS

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000::sp3::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::::::::
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp1::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp2::::::*
cpe:2.3:o:microsoft:windows_2000_terminal_services::sp3::::::*
cpe:2.3:o:microsoft:windows_95::::::::
cpe:2.3:o:microsoft:windows_95::sr2::::::*
cpe:2.3:o:microsoft:windows_98::gold::::::*
cpe:2.3:o:microsoft:windows_98se::::::::
cpe:2.3:o:microsoft:windows_me::::::::
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:::::*
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:::::*
cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
cpe:2.3:o:microsoft:windows_xp::sp1:home:::::