Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069