Vulnerability Description
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Virtual Machine | 2000 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
- http://www.iss.net/security_center/static/10133.php (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/307306 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/5751
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-05
FAQ
What is CVE-2002-0866?
CVE-2002-0866 is a vulnerability with a CVSS score of 7.5 (HIGH). Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that...
How severe is CVE-2002-0866?
CVE-2002-0866 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0866?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Virtual Machine.