46 matches found
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2002-1123
CVE-2002-1123 is a buffer overflow in the authentication function of Microsoft SQL Server 2000 and MSDE 2000 triggered by a long TCP 1433 request, enabling remote code execution. Public writeups and scanners (MS02-056, Metasploit/MSF module, OpenVAS checks) confirm the existence of the Hello Over...
CVE-2008-5416
The connected KB/MS advisory confirms CVE-2008-5416 relates to a heap-based memory overwrite flaw in SQL Server via the sp_replwritetovarbin extended stored procedure. It affects multiple SQL Server family products and service packs (SQL Server 2000 SP4/MSDE 2000, SQL Server 2005 SP2, WYukon/Wind...
CVE-2002-0643
The CVE-2002-0643 issue concerns Microsoft Data Engine 1.0 (MSDE 1.0) and Microsoft SQL Server 2000: the installation creates setup.iss files with insecure permissions and does not delete them after installation, enabling local users to access sensitive data such as the sa password and potentiall...
CVE-2008-0106
CVE-2008-0106 describes a buffer overflow in Microsoft SQL Server 2005 SP1/SP2 and SQL Server 2005 Express SP1/SP2 that could allow remote authenticated users to execute arbitrary code via a crafted insert statement. The connected KB article MS08-040 (KB941203) confirms Microsoft released a secur...
CVE-2008-0086
CVE-2008-0086 corresponds to vulnerabilities addressed by MS08-040. The connected KB (KB941203) states MS08-040 resolves four privately disclosed vulnerabilities in Microsoft SQL Server products, with the more serious one enabling code execution and full system compromise if exploited. The CVE de...
CVE-2008-0107
CVE-2008-0107 is a memory corruption vulnerability in multiple SQL Server lineage components (SQL Server 7.0, SQL Server 2000/2005, MSDE/WYukon) triggered by a crafted on-disk file path supplied via SMB or WebDAV, leading to a heap-based buffer overflow. The flaw permits remote authenticated user...
CVE-2008-4110
The OpenVAS/OpenVAS-derived data (plus CVE-2008-4110 details) confirms a buffer overflow in the Microsoft SQL Server 2000 ActiveX control: sqlvdir.dll (SQLVDIRLib.SQLVDirControl) that is loaded from Tools\Binn\sqlvdir.dll. The vulnerability is triggered by a long URL passed as the second argument...
CVE-2002-1145
The CVE-2002-1145 entry describes a privilege-escalation issue in the Web Tasks xp_runwebtask stored procedure for Microsoft SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. The vulnerability arises because xp_runwebtask can be executed by PUBLIC, allowing an attacker to update a webtask...
CVE-2002-0642
CVE-2002-0642 corresponds to an elevation-of-privilege issue in Microsoft SQL Server 2000 and MSDE 2000 caused by insecure permissions on the registry key that stores the SQL Server service account. The OpenVAS/SECURITYVULNS entries corroborate a privilege-escalation risk tied to the SQL Server s...
CVE-2002-0721
The CVE-2002-0721 issue affects Microsoft SQL Server 7.0 and 2000 where extended stored procedures with weak permissions (xp_execresultset, xp_printstatements, xp_displayparamstmt) can allow an unprivileged user to execute procedures with administrator privileges. CERT advisories describe the ris...
CVE-2002-0649
CVE-2002-0649 describes a remote buffer-overflow in the SQL Server Resolution Service of Microsoft SQL Server 2000 and MSDE (port 1434/UDP). The vulnerability is triggered by UDP packets beginning with 0x04 (long registry key name) or 0x08 (long string), which can cause a denial of service or arb...
CVE-2008-0085
CVE-2008-0085 describes a memory handling flaw in multiple SQL Server products (SQL Server 7.0, 2000, 2005 and related Desktop Engine variants) where memory pages are not initialized during reallocations, enabling a potential disclosure of sensitive data via memory-page reuse. Connected Microsoft...
CVE-2000-1082
The OpenVAS entry confirms CVE-2000-1082 affects Microsoft SQL Server and MSDE via the Extended Stored Procedures interface. The issue is in xp_enumresultset, where the function does not properly restrict the length of a buffer before calling srv_paraminfo, enabling denial of service or arbitrary...
CVE-2001-0542
CVE-2001-0542 describes buffer/format-string vulnerabilities in Microsoft SQL Server 7.0 and 2000. The issues affect the built-in formatting functions raiserror, formatmessage, and xp_sprintf, allowing an attacker with SQL Server access to execute arbitrary code or potentially cause a denial of s...
CVE-2002-0650
CVE-2002-0650 affects Microsoft SQL Server 2000’s Resolution Service on UDP port 1434. A forged ping from one server to another (both using 1434) can trigger the Resolution Service to exchange referrals/pings in an infinite loop, causing a denial of service (bandwidth/resource exhaustion) between...
CVE-2002-0057
The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...
CVE-2001-0879
CVE-2001-0879 describes a format-string vulnerability in the C runtime functions used by Microsoft SQL Server 7.0 and 2000. The underlying issue is a format string handling flaw in the C runtime, which can allow an attacker to trigger a denial of service. The available connected documents confirm...
CVE-2002-0186
CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...
CVE-2002-0224
MSDTC DoS (CVE-2002-0224) affects Microsoft Windows 2000, IIS 5.x, and SQL Server up to 2000. A DoS can be triggered by sending malformed input to the MSDTC service, potentially causing crashes or hangs. OpenVAS/Nessus refer to MS02-018 as the patch that mitigates related issues; applying that pa...
CVE-2000-1087
The CVE-2000-1087 vulnerability affects Microsoft SQL Server 2000 and MSDE, where the xp_proxiedmetadata function fails to properly restrict buffer length before invoking srv_paraminfo in the Extended Stored Procedures API. This can allow a local attacker to cause a denial of service or execute a...
CVE-2002-0056
CVE-2002-0056 concerns Microsoft SQL Server 7.0 and 2000, where a buffer overflow is triggered by a long OLE DB provider name used with OpenDataSource or OpenRowset in an ad hoc connection. The resulting issue can allow an attacker to execute arbitrary code with the SQL Server service account’s p...
CVE-2000-1084
The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...
CVE-2003-0230
CVE-2003-0230 affects Microsoft SQL Server 7, 2000, and MSDE. The vulnerability allows local users to gain privileges by hijacking a named pipe during authentication, due to a flaw in how named pipes are checked by SQL Server when a client authenticates via a named pipe. Impact is privilege eleva...
CVE-2000-1088
CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling an attacker to cause a denial of service or execute arbitrary commands. The...
CVE-2002-0154
Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could exploit these to cause a denial of service or execute arbitrary code (potentially with the SQL Server service account privileges), and could even af...
CVE-2002-0187
The CVE-2002-0187 entry corresponds to a cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000, where an attacker could inject script via the root parameter of an XML SQL query. Connected documents also describe a related overflow issue in the SQLXML ISAPI filter...
CVE-2002-0644
CVE-2002-0644 / CVE-2002-1137 describe a buffer overflow in the Database Consistency Checkers (DBCCs) of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000. The vulnerability allows db_owner and db_ddladmin role members to execute arbitrary code due to an overflow in DBCC input hand...
CVE-2000-1083
The CVE describes a buffer-length validation flaw in xp_showcolv within SQL Server and MSDE’s Extended Stored Procedures. The xp_showcolv path can overrun a buffer before srv_paraminfo is invoked, enabling denial of service or arbitrary command execution. Affected products are SQL Server and MSDE...
CVE-2001-0509
CVE-2001-0509 affects RPC servers in Microsoft Exchange Server 2000 and earlier, Microsoft SQL Server 2000 and earlier, Windows NT 4.0, and Windows 2000. The vulnerability allows remote attackers to cause a denial of service via malformed inputs. No exploitation details or specific fixes are prov...
CVE-2002-1138
CVE-2002-1138 affects Microsoft SQL Server 7.0 and 2000, including MSDE 1.0 and MSDE 2000. The flaw is in Output File Handling for Scheduled Jobs: these components write output files for scheduled jobs under the SQL Server service account rather than the launching entity. This privilege mismatch ...
CVE-2002-1872
Consolidated details from multiple sources confirm CVE-2002-1872 affects Microsoft SQL Server 6.0 through 2000 when SQL Authentication is enabled. The underlying issue is weak password encryption using XOR, enabling remote attackers to sniff and decrypt passwords. Affected software: Microsoft SQL...
CVE-2000-1081
Microsoft SQL Server extended stored procedures vulnerability CVE-2000-1081 affects xp_displayparamstmt in SQL Server and MSDE. The issue arises from insufficiently restricting the input buffer length before calling srv_paraminfo in the Extended Stored Procedures API, enabling potential denial of...
CVE-2002-0859
CVE-2002-0859 describes a buffer overflow in the OpenDataSource function of the Jet engine used by Microsoft SQL Server 2000. The vulnerability permits remote attackers to execute arbitrary code, affecting the system via the Jet engine component. The available records indicate the issue arises fr...
CVE-2002-0982
Microsoft SQL Server 2000 SP2 (when configured as a distributor) is exposed to an arbitrary code execution vulnerability through the @scriptfile parameter of the sp_MScopyscript stored procedure. The CVE-2002-0982 entry documents this as a high-severity issue (CVSS v2 base score 7.5) with network...
CVE-2003-0232
CVE-2003-0232 affects Microsoft SQL Server 7, 2000, and MSDE. The issue is a buffer overflow in a Local Procedure Call (LPC) port that can be triggered by a specially crafted request, allowing a local attacker to execute arbitrary code with the SQL Server service account’s privileges. The vulnera...
CVE-2000-1085
The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...
CVE-2000-1086
The CVE-2000-1086 entry affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). The vulnerability lies in the xp_printstatements function, which fails to properly restrict the length of a buffer before calling srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP)...
CVE-2002-0624
CVE-2002-0624 describes a buffer overflow in the pwdencrypt() password-encryption function in Microsoft SQL Server 2000 (including MSDE 2000) that can allow remote attackers to execute arbitrary code with the SQL Server service account when authenticating via SQL Server Authentication. Public sou...
CVE-2002-0645
Technical details for CVE-2002-0645 are not publicly provided in the connected documents; the available sources reference the vulnerability at a high level. Monitor for updates from official advisories.
CVE-2002-1137
CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...
CVE-2003-0231
Summary: CVE-2003-0231 affects Microsoft SQL Server 7.0, SQL Server 2000, and MSDE. A long request to a named pipe can trigger a denial of service, making the server unresponsive for local or remote authenticated users. The issue arises from how SQL Server interprets a return code from a named-pi...
CVE-2002-0729
Microsoft SQL Server 2000 is affected by CVE-2002-0729. The vulnerability allows remote attackers to cause a denial of service by sending a malformed 0x08 packet missing a colon separator. The root cause is the handling of malformed packets in the SQL Server service. Public details in the provided document...
CVE-2002-1981
Microsoft SQL Server 2000 up to SP2 allows the public role to execute the stored procedures sp_MSSetServerProperties and sp_MSsetalertinfo, enabling modification of configuration including startup and alert settings. This CVE description is corroborated across NVD/Red Hat/CVE pages. No explicit e...
CVE-2002-0641
The CVE-2002-0641 issue affects Microsoft SQL Server 2000 and MSDE 2000, where a buffer overflow in the BULK INSERT procedure can be triggered by a file name that is too long. Exploitation requires Bulk Admin or Administrator privileges and can allow execution of arbitrary code with system/high p...
CVE-2001-0344
CVE-2001-0344 describes a privilege-escalation vulnerability in Microsoft SQL Server 2000 Gold and SQL Server 7.0 when running in Mixed Mode. An attacker with local database access could gain privileges by reusing a cached sa administrator connection. The Initial Description states the vu...