CVE-2002-1137

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 11 October 2002

Summary

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

References

http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms...

vendor-advisoryx_refsource_CISCO

http://www.scan-associates.net/papers/foxpro.txt

x_refsource_MISC

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Sep 23, 2002

Collectors

NVD DatabaseMitre Database