Описание
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:virtual_machine:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3100:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3188:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3200:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3300:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.41318
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
EPSS
Процентиль: 97%
0.41318
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other