PT-2002-1880 · Microsoft · Virtual Machine
Published
2002-10-11
·
Updated
2018-10-12
·
CVE-2002-0866
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Microsoft Virtual Machine (VM) versions up to and including 5.0.3805
Description:
The issue allows remote attackers to load and execute DLLs via a Java applet that calls the constructor for
com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string.Recommendations:
For Microsoft Virtual Machine (VM) versions up to and including 5.0.3805, consider disabling the
com.ms.jdbc.odbc.JdbcOdbc class to prevent exploitation until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Virtual Machine