Microsoft VM 2000/3000/3100/3188/3200/3300/3802/3805 series - JDBC Class Code Execution
| EKU-ID: 27308 | CVE: CVE-2002-0866;OSVDB-11912 | OSVDB-ID: |
| Author: anonymous | Published: 2002-09-19 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27308 | CVE: CVE-2002-0866;OSVDB-11912 | OSVDB-ID: |
| Author: anonymous | Published: 2002-09-19 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5751/info
Java Database Connectivity (JDBC) classes are used by the Virtual Machine to provide connectivity to various data sources.
It is possible to spoof a JDBC class request to make it appear as though it came from an authorized applet. This could allow execution of any DLL on the system by a remote attacker.
new com.ms.jdbc.odbc.JdbcOdbc("C:\\mydll\000");
This results in the malicious applet loading the attacker-supplied DLL 'C:\mydll.dll'.