CVE-2002-0649

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 12 August 2002

Summary

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.

References

http://www.securityfocus.com/archive/1/308396/30/26150/th...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/308418/30/26150/th...

mailing-listx_refsource_BUGTRAQ

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2002
Vulnerability Reserved
Jun 28, 2002

Collectors

NVD DatabaseMitre Database