Vulnerabilities > CVE-2001-0542 - Unspecified vulnerability in Microsoft SQL Server 2000/7.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
NVD
Published: 2001-12-20
Updated: 2024-11-20

Summary

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Oval

accepted2011-05-16T04:03:32.410-04:00
classvulnerability
contributors
  • nameYi-Fang Koh
    organizationThe MITRE Corporation
  • nameIngrid Skoog
    organizationThe MITRE Corporation
  • nameChristine Walzer
    organizationThe MITRE Corporation
  • nameMike Lah
    organizationThe MITRE Corporation
descriptionBuffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
familywindows
idoval:org.mitre.oval:def:83
statusaccepted
submitted2003-10-10T12:00:00.000-04:00
titleMicrosoft SQL Server 3-Function Buffer Overflow
version5

References