Lucene search

[email protected]CVE-2002-1137

HistoryOct 11, 2002 - 4:00 a.m.

CVE-2002-1137

2002-10-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-1137

buffer overflow

microsoft sql server

dbcc

arbitrary code execution

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a “non-SQL OLEDB data source” such as FoxPro, a variant of CAN-2002-0644.

CPENameOperatorVersion
microsoft:sql_servermicrosoft sql servereq7.0
microsoft:sql_servermicrosoft sql servereq2000
microsoft:data_enginemicrosoft data engineeq1.0
microsoft:data_enginemicrosoft data engineeq2000

CPE	Name	Operator	Version
microsoft:sql_server	microsoft sql server	eq	7.0
microsoft:sql_server	microsoft sql server	eq	2000
microsoft:data_engine	microsoft data engine	eq	1.0
microsoft:data_engine	microsoft data engine	eq	2000

References

www.ciac.org/ciac/bulletins/n-003.shtml

www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml

www.scan-associates.net/papers/foxpro.txt

www.securityfocus.com/bid/5877

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

exchange.xforce.ibmcloud.com/vulnerabilities/10255

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2002-1137

nessus1 cve1