Vulnerabilities > CVE-2002-0056 - Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Oval
| accepted | 2005-10-19T05:47:00.000-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| description | Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:271 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||||||
| title | SQL Server OpenDataSource/OpenRowset Buffer Overflow | ||||||||||||||||||||
| version | 3 |
References
- http://marc.info/?l=bugtraq&m=101422555428036&w=2
- http://marc.info/?l=vuln-dev&m=101413924631329&w=2
- http://www.kb.cert.org/vuls/id/619707
- http://www.securityfocus.com/bid/4135
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-007
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A271