Microsoft Virtual Machine 2000/3000 Java Sandbox privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.7 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Microsoft Virtual Machine 2000/3000. This affects an unknown part of the component Java Sandbox. Performing a manipulation results in privileges management. This vulnerability is reported as CVE-2000-0327. No exploit exists. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability, which was classified as critical, was found in Microsoft Virtual Machine 2000/3000. This affects an unknown code of the component Java Sandbox. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
The weakness was disclosed 10/21/1999 by Karsten Sohr with University of Marburg as MS99-045 as confirmed bulletin (Technet). It is possible to read the advisory at microsoft.com. This vulnerability is uniquely identified as CVE-2000-0327. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
Applying the patch MS99-045 is able to eliminate this problem. The bugfix is ready for download at microsoft.com.
The vulnerability is also documented in the databases at X-Force (3378), SecurityFocus (BID 740†) and Vulnerability Center (SBV-4227†). Further details are available at marc.theaimsgroup.com. The entry VDB-14905 is pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.1VulDB Meta Temp Score: 7.7
VulDB Base Score: 8.1
VulDB Temp Score: 7.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: MS99-045
Timeline
10/21/1999 🔍10/21/1999 🔍
10/21/1999 🔍
10/22/1999 🔍
04/29/2004 🔍
06/22/2014 🔍
04/19/2026 🔍
Sources
Vendor: microsoft.comAdvisory: MS99-045
Researcher: Karsten Sohr
Organization: University of Marburg
Status: Confirmed
CVE: CVE-2000-0327 (🔍)
GCVE (CVE): GCVE-0-2000-0327
GCVE (VulDB): GCVE-100-14907
X-Force: 3378
SecurityFocus: 740 - Microsoft Java Virtual Machine Class Cast Vulnerability
Vulnerability Center: 4227 - [MS99-045] Microsoft Virtual Machine Allow Command Execution, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 06/22/2014 13:55Updated: 04/19/2026 15:42
Changes: 06/22/2014 13:55 (61), 05/21/2019 12:00 (4), 04/19/2026 15:42 (16)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.