Buffer Overflow in Microsoft SQL Server and MSDE Products
CVE-2002-1137

Currently unrated

Key Information:

Vendor: Microsoft

CVE Published: 11 October 2002

What is CVE-2002-1137?

The vulnerability is a buffer overflow in the Database Console Command (DBCC) of Microsoft SQL Server versions 7.0 and 2000, along with Microsoft Data Engine (MSDE) 1.0 and MSDE 2000. An attacker can exploit the flaw by supplying a long SourceDB argument, particularly with non-SQL OLEDB data sources such as FoxPro, which allows execution of arbitrary code. This compromises the integrity of the database and poses significant security risks to applications deployed on it.

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
