CVE-2002-0641

Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=102639885223746&w=2
http://www.kb.cert.org/vuls/id/682620	US Government Resource
http://www.ngssoftware.com/advisories/ms-sqlbi.txt
http://www.securityfocus.com/bid/4847
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:msde:2000:::::::*
	cpe:2.3:a:microsoft:sql_server:2000:::::::*

History

No history.

Information

Published : 2002-07-23 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-0641

Mitre link : CVE-2002-0641

CVE.ORG link : CVE-2002-0641

JSON object : View

Products Affected

microsoft

sql_server
msde

CWE

NVD-CWE-Other

{"id": "CVE-2002-0641", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-07-23T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=102639885223746&w=2", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/682620", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4847", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el procedimiento de inserci\u00f3n masiva (bulk insert) en Microsoft SQL Server 2000, incluyendo Microsoft SQL Server Desktop Engine (MSDE) 2000, permite a atacantes con privilegios de administrador de bases de datos, la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un nombre largo de fichero en la consulta BULK INSERT."}], "lastModified": "2018-10-12T21:31:33.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FF06B44-FC10-49CD-954E-9C4058731A2A"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}