- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21808
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2002-0866
- Дата публикации
- 2002-09-19
Код:
source: https://www.securityfocus.com/bid/5751/info
Java Database Connectivity (JDBC) classes are used by the Virtual Machine to provide connectivity to various data sources.
It is possible to spoof a JDBC class request to make it appear as though it came from an authorized applet. This could allow execution of any DLL on the system by a remote attacker.
new com.ms.jdbc.odbc.JdbcOdbc("C:\\mydll\000");
This results in the malicious applet loading the attacker-supplied DLL 'C:\mydll.dll'.- Источник
- www.exploit-db.com
