All the vulnerabilites related to microsoft - msde
Vulnerability from fkie_nvd
Published
2002-07-23 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | msde | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF06B44-FC10-49CD-954E-9C4058731A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el procedimiento de inserci\u00f3n masiva (bulk insert) en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, permite a atacantes con privilegios de administrador de bases de datos, la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un nombre largo de fichero en la consulta BULK INSERT."
}
],
"id": "CVE-2002-0641",
"lastModified": "2024-11-20T23:39:32.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102639885223746\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682620"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4847"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102639885223746\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-23 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | msde | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF06B44-FC10-49CD-954E-9C4058731A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka \"Unchecked Buffer in Password Encryption Procedure.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n de encriptaci\u00f3n de contrase\u00f1as en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, permite a atacantes remotos la obtenci\u00f3n del control sobre la base de datos y la ejecuci\u00f3n de c\u00f3digo arbitrario mediante SQL Server Authentication .\r\nEsta vulnerabilidad tambi\u00e9n es conocida como Unchecked Buffer in Password Encryption Procedure."
}
],
"id": "CVE-2002-0624",
"lastModified": "2024-11-20T23:39:30.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:34
Severity ?
Summary
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| compaq | insight_manager | 7.0 | |
| compaq | insight_manager | 7.0 | |
| compaq | insight_manager_xe | 1.1 | |
| compaq | insight_manager_xe | 1.21 | |
| compaq | insight_manager_xe | 2.1 | |
| compaq | insight_manager_xe | 2.1b | |
| compaq | insight_manager_xe | 2.1c | |
| compaq | insight_manager_xe | 2.2 | |
| microsoft | data_engine | 1.0 | |
| microsoft | msde | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:compaq:insight_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "875427C5-D74E-4299-BD02-051D3D052F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "27B2FE40-2B7A-4707-86EF-FD7C6E2FEE3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "034C9386-7576-4313-815F-6C0DFB90C38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "803B702A-3D4D-4438-A182-B181BEA00270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87261CA0-1226-46EA-9725-23DFBB443067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "71C976B5-5B6C-40DC-8C9E-10283B2BCA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:2.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "36FEFBCD-D125-49B9-804D-6F013E7C5937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:compaq:insight_manager_xe:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4C2153-508E-4A2A-8EFC-A2BA37FF9DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF06B44-FC10-49CD-954E-9C4058731A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"sa\" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida."
}
],
"id": "CVE-2000-1209",
"lastModified": "2024-11-20T23:34:15.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=96333895000350\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=96593218804850\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=96644570412692\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"source": "cve@mitre.org",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
},
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418"
},
{
"source": "cve@mitre.org",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"source": "cve@mitre.org",
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3570"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=96333895000350\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=96593218804850\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=96644570412692\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4797"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-23 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | msde | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "3FF06B44-FC10-49CD-954E-9C4058731A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka \"Incorrect Permission on SQL Server Service Account Registry Key.\""
},
{
"lang": "es",
"value": "La clave del registro que contiene informaci\u00f3n sobre el servicio SQL Server en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, posee unos permisos inseguros, lo cual permite a usuarios locales la obtenci\u00f3n de privilegios. Esta vulnerabilidad tambi\u00e9n es conocida como Incorrect Permission on SQL Server Service Account Registry Key."
}
],
"id": "CVE-2002-0642",
"lastModified": "2024-11-20T23:39:32.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-23T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9523.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/796313"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5205"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9523.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/796313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2002-0641
Vulnerability from cvelistv5
Published
2002-07-12 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/ms-sqlbi.txt | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034 | vendor-advisory, x_refsource_MS | |
| http://www.kb.cert.org/vuls/id/682620 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316 | vdb-entry, signature, x_refsource_OVAL | |
| http://marc.info/?l=bugtraq&m=102639885223746&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4847 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#682620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/682620"
},
{
"name": "oval:org.mitre.oval:def:316",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316"
},
{
"name": "20020711 Microsoft SQL Server 2000 \u0027BULK INSERT\u0027 Buffer Overflow (#NISR11072002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102639885223746\u0026w=2"
},
{
"name": "4847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#682620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/682620"
},
{
"name": "oval:org.mitre.oval:def:316",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316"
},
{
"name": "20020711 Microsoft SQL Server 2000 \u0027BULK INSERT\u0027 Buffer Overflow (#NISR11072002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102639885223746\u0026w=2"
},
{
"name": "4847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt"
},
{
"name": "MS02-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#682620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/682620"
},
{
"name": "oval:org.mitre.oval:def:316",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316"
},
{
"name": "20020711 Microsoft SQL Server 2000 \u0027BULK INSERT\u0027 Buffer Overflow (#NISR11072002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102639885223746\u0026w=2"
},
{
"name": "4847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0641",
"datePublished": "2002-07-12T04:00:00",
"dateReserved": "2002-06-28T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0624
Vulnerability from cvelistv5
Published
2002-07-12 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.cert.org/advisories/CA-2002-22.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291"
},
{
"name": "CA-2002-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka \"Unchecked Buffer in Password Encryption Procedure.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:291",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291"
},
{
"name": "CA-2002-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka \"Unchecked Buffer in Password Encryption Procedure.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:291",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291"
},
{
"name": "CA-2002-22",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0624",
"datePublished": "2002-07-12T04:00:00",
"dateReserved": "2002-06-12T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1209
Vulnerability from cvelistv5
Published
2002-08-10 04:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3570"
},
{
"name": "4797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4797"
},
{
"name": "20000710 MSDE / Re: Default Password Database",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96333895000350\u0026w=2"
},
{
"name": "VU#635463",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"name": "mssql-no-sapassword(1459)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"name": "20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96644570412692\u0026w=2"
},
{
"name": "20020522 Opty-Way Enterprise includes MSDE with sa \u003cblank\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"name": "Q313418",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418"
},
{
"name": "20000810 Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96593218804850\u0026w=2"
},
{
"name": "Q321081",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081"
},
{
"name": "20000815 MS-SQL \u0027sa\u0027 user exploit code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"sa\" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3570",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3570"
},
{
"name": "4797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4797"
},
{
"name": "20000710 MSDE / Re: Default Password Database",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96333895000350\u0026w=2"
},
{
"name": "VU#635463",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"name": "mssql-no-sapassword(1459)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"name": "20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96644570412692\u0026w=2"
},
{
"name": "20020522 Opty-Way Enterprise includes MSDE with sa \u003cblank\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"name": "Q313418",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418"
},
{
"name": "20000810 Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=96593218804850\u0026w=2"
},
{
"name": "Q321081",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081"
},
{
"name": "20000815 MS-SQL \u0027sa\u0027 user exploit code",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"sa\" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3570",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3570"
},
{
"name": "4797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4797"
},
{
"name": "20000710 MSDE / Re: Default Password Database",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=96333895000350\u0026w=2"
},
{
"name": "VU#635463",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"name": "mssql-no-sapassword(1459)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"name": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"name": "20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=96644570412692\u0026w=2"
},
{
"name": "20020522 Opty-Way Enterprise includes MSDE with sa \u003cblank\u003e",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"name": "Q313418",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418"
},
{
"name": "20000810 Tumbleweed Worldsecure (MMS) BLANK \u0027sa\u0027 account password",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=96593218804850\u0026w=2"
},
{
"name": "Q321081",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081"
},
{
"name": "20000815 MS-SQL \u0027sa\u0027 user exploit code",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1209",
"datePublished": "2002-08-10T04:00:00",
"dateReserved": "2002-08-07T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0642
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-22.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034 | vendor-advisory, x_refsource_MS | |
| http://www.kb.cert.org/vuls/id/796313 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.iss.net/security_center/static/9523.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5205 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#796313",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/796313"
},
{
"name": "mssql-registry-insecure-permissions(9523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9523.php"
},
{
"name": "5205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5205"
},
{
"name": "oval:org.mitre.oval:def:1025",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka \"Incorrect Permission on SQL Server Service Account Registry Key.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-22",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#796313",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/796313"
},
{
"name": "mssql-registry-insecure-permissions(9523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9523.php"
},
{
"name": "5205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5205"
},
{
"name": "oval:org.mitre.oval:def:1025",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka \"Incorrect Permission on SQL Server Service Account Registry Key.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-22",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-22.html"
},
{
"name": "MS02-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034"
},
{
"name": "VU#796313",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/796313"
},
{
"name": "mssql-registry-insecure-permissions(9523)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9523.php"
},
{
"name": "5205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5205"
},
{
"name": "oval:org.mitre.oval:def:1025",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0642",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-28T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}