Exploit Database - Logo

Microsoft VM 2000/3000/3100/3188/3200/3300/3802/3805 series - JDBC Class Code Execution

EDB-ID: 21808 Author: anonymous Published: 2002-09-19
CVE: CVE-2002-0866 Type: Remote Platform: Windows
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/5751/info

Java Database Connectivity (JDBC) classes are used by the Virtual Machine to provide connectivity to various data sources.

It is possible to spoof a JDBC class request to make it appear as though it came from an authorized applet. This could allow execution of any DLL on the system by a remote attacker.

new com.ms.jdbc.odbc.JdbcOdbc("C:\\mydll\000");

This results in the malicious applet loading the attacker-supplied DLL 'C:\mydll.dll'.

Related Exploits

Trying to match CVEs (1): CVE-2002-0866
Trying to match OSVDBs (1): 11912
Other Possible E-DB Search Terms: Microsoft VM 2000/3000/3100/3188/3200/3300/3802/3805 series,  Microsoft VM 2000,  Microsoft VM
Date D V Title Author
No matches
Menu