Insecure Permissions in Microsoft SQL Server 2000 Service Account Registry Key
CVE-2002-0642

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Msde
Vendor: CVE Published:; 23 July 2002

Summary

The SQL Server service account in Microsoft SQL Server 2000 and its Desktop Engine (MSDE) versions contains a registry key with improperly configured permissions. This flaw allows local users to access sensitive information and potentially escalate their privileges within the system. It poses a significant security risk by enabling unauthorized access to the SQL Server service account, which could lead to further exploitation and compromise of the database environment.

References

http://www.cert.org/advisories/CA-2002-22.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.kb.cert.org/vuls/id/796313

third-party-advisoryx_refsource_CERT-VN

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 23, 2002
Vulnerability Reserved
Jun 28, 2002