CVE-2002-0866 | Vulnerability Database | Aqua Security

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka DLL Execution via JDBC Classes.

Affected Software

Name	Vendor	Start Version	End Version
Virtual_machine	Microsoft	2000 (including)	2000 (including)
Virtual_machine	Microsoft	3000 (including)	3000 (including)
Virtual_machine	Microsoft	3100 (including)	3100 (including)
Virtual_machine	Microsoft	3188 (including)	3188 (including)
Virtual_machine	Microsoft	3200 (including)	3200 (including)
Virtual_machine	Microsoft	3300 (including)	3300 (including)
Virtual_machine	Microsoft	3802 (including)	3802 (including)
Virtual_machine	Microsoft	3805 (including)	3805 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
http://www.iss.net/security_center/static/10133.php
http://www.kb.cert.org/vuls/id/307306
http://www.securityfocus.com/bid/5751
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0866
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html