CVE-2002-0649

{"id": "CVE-2002-0649", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=102760196931518&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=ntbugtraq&m=102760479902411&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/7945", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cert.org/advisories/CA-2002-22.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.cert.org/advisories/CA-2003-04.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/399260", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/484891", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308306/30/26180/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308321/30/26180/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308324/30/26180/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308388/30/26180/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308393/30/26180/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308396/30/26150/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308418/30/26150/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308419/30/26150/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308760/30/26120/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/308806/30/26120/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/309096/30/26120/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/309324/30/26120/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/309776/30/26090/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5310", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1077", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm."}, {"lang": "es", "value": "Multiples desbordamientos de buffers en el Servicio de Resoluci\u00f3n en SQL Server 2000 y Microsoft Desktop Engine 2000 (MSDE) permite a atacantes remotos causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario mediante paquetes UDP enviados al puerto 1434 en los que \r\n(1) un byte 0x04 causa al hilo de ejecuci\u00f3n del Monitor SQL generar un nombre de clave del registro largo, o (2) un byte 0x08 con una cadena larga causa corrupci\u00f3n en la pila, tal como se realiza en los exploits por el gusano Slammer/Sapphire."}], "lastModified": "2018-10-19T15:29:04.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51ABD323-BF3F-4825-8788-8FCD614E83E4"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980"}, {"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}