Remote Code Execution Vulnerability in Microsoft Virtual Machine JDBC Classes
CVE-2002-0866

Currently unrated

Key Information:

Vendor: Microsoft
Status: Virtual Machine
Vendor: CVE Published:; 11 October 2002

Summary

The JDBC classes in Microsoft Virtual Machine, up to and including version 5.0.3805, contain a vulnerability that allows remote attackers to load and execute arbitrary dynamic link libraries (DLLs) via a specially crafted Java applet. This is achieved by invoking the constructor for com.ms.jdbc.odbc.JdbcOdbc with a null-terminated string, leading to unauthorized execution of code on the targeted system. Exploiting this vulnerability can result in unauthorized access and control over the affected system.

References

http://www.iss.net/security_center/static/10133.php

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/307306

third-party-advisoryx_refsource_CERT-VN

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Aug 15, 2002