Buffer Overflow in Microsoft SQL Server and MSDE Products
CVE-2002-1137

Currently unrated

Key Information:

Vendor

Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
11 October 2002

What is CVE-2002-1137?

The vulnerability arises from a buffer overflow in the Database Console Command (DBCC) of Microsoft SQL Server versions 7.0 and 2000, along with Microsoft Data Engine (MSDE) 1.0 and MSDE 2000. Attackers can exploit this flaw by providing a long SourceDB argument, particularly in non-SQL OLEDB data sources like FoxPro, allowing for the execution of arbitrary code. This not only compromises the integrity of the database but also poses significant security risks to deployed applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms...
vendor-advisoryx_refsource_CISCO
http://www.scan-associates.net/papers/foxpro.txt
x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.