10

CVE-2000-1209

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CompaqInsight Manager Version7.0
CompaqInsight Manager Version7.0 Updatesp1
CompaqInsight Manager Xe Version1.1
CompaqInsight Manager Xe Version1.21
CompaqInsight Manager Xe Version2.1
CompaqInsight Manager Xe Version2.1b
CompaqInsight Manager Xe Version2.1c
CompaqInsight Manager Xe Version2.2
MicrosoftData Engine Version1.0
MicrosoftMsde Version2000
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 87.31% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=96333895000350&w=2
http://marc.info/?l=bugtraq&m=96593218804850&w=2
http://marc.info/?l=bugtraq&m=96644570412692&w=2
http://online.securityfocus.com/archive/1/273639
http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081
http://www.iss.net/security_center/static/1459.php
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/635463
Patch
Third Party Advisory
US Government Resource
http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
http://www.osvdb.org/3570
http://www.securityfocus.com/bid/4797