CVE-2002-1138

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 11 October 2002

Summary

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

References

http://www.iss.net/security_center/static/10257.php

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.ciac.org/ciac/bulletins/n-003.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Sep 23, 2002

Collectors

NVD DatabaseMitre Database