CVE-2002-0624: Buffer Overflow
First published: Fri Jul 12 2002(Updated: )
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =2000 | |
| Microsoft SQL Server Data Engine (MSDE) | =2000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0624?
CVE-2002-0624 is considered critical due to the possibility of remote code execution.
How do I fix CVE-2002-0624?
To fix CVE-2002-0624, apply the latest security patches provided by Microsoft for SQL Server 2000 and MSDE 2000.
Who is affected by CVE-2002-0624?
CVE-2002-0624 affects users running Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000.
What type of attack can exploit CVE-2002-0624?
CVE-2002-0624 can be exploited through SQL Server Authentication allowing attackers to execute arbitrary code.
Is CVE-2002-0624 still relevant today?
While CVE-2002-0624 dates back to 2002, it remains relevant for legacy systems still using affected versions.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/2000
- canonical/microsoft sql server data engine (msde)
- version/microsoft sql server data engine (msde)/2000