Buffer Overflow in Microsoft SQL Server 2000 Password Encryption Function
CVE-2002-0624

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Msde
Vendor: CVE Published:; 23 July 2002

Summary

A buffer overflow vulnerability exists in the password encryption function of Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000. This flaw enables remote attackers to potentially take control of the database or execute arbitrary code through vulnerable SQL Server Authentication methods. Proper validation and handling of input data are critical to mitigating this risk.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.cert.org/advisories/CA-2002-22.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 23, 2002
Vulnerability Reserved
Jun 12, 2002