7.5

CVE-2002-1137

Exploit

EPSS 18.74%
Veröffentlicht 11.10.2002 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Data Engine Version1.0

Microsoft ≫ Data Engine Version2000

Microsoft ≫ Sql Server Version7.0

Microsoft ≫ Sql Server Version7.0 Updatesp1

Microsoft ≫ Sql Server Version7.0 Updatesp2

Microsoft ≫ Sql Server Version7.0 Updatesp3

Microsoft ≫ Sql Server Version7.0 Updatesp4

Microsoft ≫ Sql Server Version2000

Microsoft ≫ Sql Server Version2000 Updatesp1

Microsoft ≫ Sql Server Version2000 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.74%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.ciac.org/ciac/bulletins/n-003.shtml

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml

http://www.scan-associates.net/papers/foxpro.txt

http://www.securityfocus.com/bid/5877

Patch

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/10255

https://nvd.nist.gov/vuln/detail/CVE-2002-1137

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1137

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1137

EUVD