7.5

CVE-2002-0866

EPSS 41.32%
Published 11.10.2002 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Virtual Machine Version2000

Microsoft ≫ Virtual Machine Version3000

Microsoft ≫ Virtual Machine Version3100

Microsoft ≫ Virtual Machine Version3188

Microsoft ≫ Virtual Machine Version3200

Microsoft ≫ Virtual Machine Version3300

Microsoft ≫ Virtual Machine Version3802

Microsoft ≫ Virtual Machine Version3805

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	41.32%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052

http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html

http://www.iss.net/security_center/static/10133.php

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/307306

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/5751

https://nvd.nist.gov/vuln/detail/CVE-2002-0866

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-0866

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-0866

EUVD