4.6
CVE-2000-1088
- EPSS 2.85%
- Veröffentlicht 09.01.2001 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:53:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Data Engine Version1.0
Microsoft ≫ Data Engine Version2000
Microsoft ≫ Sql Server Version7.0
Microsoft ≫ Sql Server Version2000
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.85% | 0.849 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092
http://marc.info/?l=bugtraq&m=97570884410184&w=2
http://www.securityfocus.com/bid/2043