Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
References
Link | Resource |
---|---|
http://www.iss.net/security_center/static/10133.php | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/307306 | Third Party Advisory US Government Resource |
http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html | |
http://www.securityfocus.com/bid/5751 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2002-10-10 21:00
Updated : 2018-10-12 14:31
NVD link : CVE-2002-0866
Mitre link : CVE-2002-0866
JSON object : View
CWE
Products Affected
microsoft
- virtual_machine