Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2002-1137
Last Modified 05 Sep 2008 04:29:53
Published 11 Oct 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1137

Summary

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Vulnerable Systems

Application

  • Microsoft Data Engine 1.0

  • Microsoft Data Engine 2000

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0


References

BID - 5877

MS - MS02-056

XF - mssql-dbcc-bo-variant(10255)

MISC - http://www.scan-associates.net/papers/foxpro.txt

CISCO - 20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061

CIAC - N-003


Last Updated: 27 May 2016 10:37:12