CVE-2003-1521

Sun Java Plug-In 1.4-1.4.2_02 - Unauthenticated Floppy Drive Access via XmlDocument.createXmlDocument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1521. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary This Java applet exploits a weakness in Java implementations to repeatedly access the floppy drive (A:), causing a denial-of-service condition. It leverages the `org.apache.crimson.tree.XmlDocument.createXmlDocument` method to stress the floppy device.

Description

Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marc Schoenefeld · javaremotewindows

https://www.exploit-db.com/exploits/23270

View Code ZIP pw:eip

This Java applet exploits a weakness in Java implementations to repeatedly access the floppy drive (A:), causing a denial-of-service condition. It leverages the `org.apache.crimson.tree.XmlDocument.createXmlDocument` method to stress the floppy device.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Java Plug-in 1.4.x on Microsoft Windows with Internet Explorer

No auth needed

Prerequisites: Java applet execution in a vulnerable environment · Access to a floppy drive (A:)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/8867

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/341943

Scores

EPSS 0.0547

EPSS Percentile 91.7%

Details

Status published

Products (4)

sun/java_plug-in 1.4

sun/java_plug-in 1.4.2

sun/java_plug-in 1.4.2_01

sun/java_plug-in 1.4.2_02

Published Dec 31, 2003

Tracked Since Feb 18, 2026