Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2001-0542
Last Modified 10 Sep 2008 03:08:20
Published 20 Dec 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0542

Summary

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Vulnerable Systems

Application

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0


References

CERT-VN - VU#700575

XF - mssql-text-message-bo(7724)

BID - 3733

MS - MS01-060

ATSTAKE - A122001-1

BUGTRAQ - 20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server


Last Updated: 27 May 2016 10:36:18