Vulnerabilities > CVE-2002-0154 - Unspecified vulnerability in Microsoft SQL Server 2000/7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Oval
| accepted | 2014-06-23T04:00:23.692-04:00 | ||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||
| description | Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | ||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:121 | ||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||||||||||||||||||||||
| title | Microsoft SQL Server Extended Stored Procedure Buffer Overflow | ||||||||||||||||||||||||||||||||||||
| version | 4 |
References
- http://marc.info/?l=bugtraq&m=101535353331625&w=2
- http://www.cert.org/advisories/CA-2002-22.html
- http://www.kb.cert.org/vuls/id/627275
- http://www.securityfocus.com/archive/1/261775
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-020
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A121