Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0866

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0866
Last Modified 10 Sep 2008 03:13:02
Published 11 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0866

Summary

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Vulnerable Systems

Application

  • Microsoft Virtual Machine 2000

  • Microsoft Virtual Machine 3000

  • Microsoft Virtual Machine 3100

  • Microsoft Virtual Machine 3188

  • Microsoft Virtual Machine 3200

  • Microsoft Virtual Machine 3300

  • Microsoft Virtual Machine 3802

  • Microsoft Virtual Machine 3805


References

CERT-VN - VU#307306

MS - MS02-052

XF - msvm-jdbc-dll-execution(10133)

BID - 5751

BUGTRAQ - 20020923 Technical information about the vulnerabilities fixed by MS-02-52


Last Updated: 27 May 2016 10:37:06