Buffer Overflow in Microsoft SQL Server and MSDE Authentication Functions
CVE-2002-1123

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 24 September 2002

What is CVE-2002-1123?

A buffer overflow vulnerability exists in the authentication function of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000. This flaw allows remote attackers to execute arbitrary code by sending a specially crafted long request to the service listening on TCP port 1433. Attackers exploiting this vulnerability can potentially gain unauthorized access to the affected system, leading to further security breaches and data compromise. Proper mitigation through patching and network security configurations is recommended to protect against potential attacks.

References

http://online.securityfocus.com/archive/1/286220

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/5411

vdb-entryx_refsource_BID

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

88% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2002
Vulnerability Reserved
Sep 11, 2002