CVE-2002-0641

Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ngssoftware.com/advisories/ms-sqlbi.txt
http://www.kb.cert.org/vuls/id/682620	US Government Resource
http://www.securityfocus.com/bid/4847
http://marc.info/?l=bugtraq&m=102639885223746&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:sql_server:2000:::::::*
	cpe:2.3:a:microsoft:msde:2000:::::::*

Information

Published : 2002-07-22 21:00

Updated : 2018-10-12 14:31

NVD link : CVE-2002-0641

Mitre link : CVE-2002-0641

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

sql_server
msde

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt", "name": "http://www.ngssoftware.com/advisories/ms-sqlbi.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/682620", "name": "VU#682620", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/4847", "name": "4847", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=102639885223746&w=2", "name": "20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316", "name": "oval:org.mitre.oval:def:316", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034", "name": "MS02-034", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0641", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-07-23T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:31Z"}