Microsoft SQL Server 7.0 and 2000 Vulnerability in Job Output Handling
CVE-2002-1138

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 11 October 2002

What is CVE-2002-1138?

Microsoft SQL Server 7.0 and 2000, along with its related Microsoft Data Engine products, exhibit a vulnerability in how output files for scheduled jobs are managed. The system writes these files using its own privileges rather than the privileges of the user who initiated the job. This oversight allows potential attackers to manipulate and overwrite system files, leading to possible unauthorized access and altered system integrity.

References

http://www.iss.net/security_center/static/10257.php

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.ciac.org/ciac/bulletins/n-003.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

EPSS Score

11% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Sep 23, 2002