7.5

CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf.  NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftSql Server Version7.0
MicrosoftSql Server Version2000
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.62% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=100891252317406&w=2
http://www.atstake.com/research/advisories/2001/a122001-1.txt
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/700575
US Government Resource
http://www.securityfocus.com/bid/3733
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83