Description
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · textremotewindows
https://www.exploit-db.com/exploits/21808
References (5)
Core 5
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10133.php
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/307306
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5751
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Scores
EPSS
0.4056
EPSS Percentile
97.4%
Details
Status
published
Products (8)
microsoft/virtual_machine
2000
microsoft/virtual_machine
3000
microsoft/virtual_machine
3100
microsoft/virtual_machine
3188
microsoft/virtual_machine
3200
microsoft/virtual_machine
3300
microsoft/virtual_machine
3802
microsoft/virtual_machine
3805
Published
Oct 11, 2002
Tracked Since
Feb 18, 2026