Vulnerabilities > CVE-2001-0542 - Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Oval
| accepted | 2011-05-16T04:03:32.410-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| description | Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:83 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||
| title | Microsoft SQL Server 3-Function Buffer Overflow | ||||||||||||||||
| version | 5 |
References
- http://marc.info/?l=bugtraq&m=100891252317406&w=2
- http://www.atstake.com/research/advisories/2001/a122001-1.txt
- http://www.kb.cert.org/vuls/id/700575
- http://www.securityfocus.com/bid/3733
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83