Vulnerabilities > CVE-2002-0982 - Remote Security vulnerability in Microsoft SQL Server 2000

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

exploit available

NVD

Published: 2002-09-24

Updated: 2016-10-18

Summary

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft SQL Server 2000	1

Exploit-Db

description	Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability. CVE-2002-0982 . Remote exploit for windows platform
id	EDB-ID:21651
last seen	2016-02-02
modified	2002-07-25
published	2002-07-25
reporter	Cesar Cerrudo
source	https://www.exploit-db.com/download/21651/
title	Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability

References

http://marc.info/?l=bugtraq&m=103004505027360&w=2