Vulnerability Details : CVE-2002-0866
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
Products affected by CVE-2002-0866
- cpe:2.3:a:microsoft:virtual_machine:3000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3300:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3200:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3100:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3188:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2002-0866
- 41.32%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2002-0866
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2002-0866
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
- http://www.securityfocus.com/bid/5751
- http://www.kb.cert.org/vuls/id/307306
  VU#307306 - Microsoft Java implementation JDBC classes do not properly validate DLL requests (Third Party Advisory; US Government Resource)
- http://www.iss.net/security_center/static/10133.php
  (Patch; Vendor Advisory)