Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0866

5 documents, 5 sources
Severity
7.5 HIGH
EPSS
41.3%
top 2.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 11
Latest update: Apr 30

Description

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

NVD: microsoft/virtual_machine (8 versions)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-jj44-5j88-5wxr: Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5 (2022-04-30)
CVEList
CVE-2002-0866: Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5 (2004-09-01)

💥Exploits & PoCs

1
Exploit-DB
Microsoft VM 2000/3000/3100/3188/3200/3300/3802/3805 series - JDBC Class Code Execution (2002-09-19)

💬Community

1
Bugzilla
A number of tomcat issues (2007-05-09)