First published: Fri Oct 11 2002
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server | =7.0-sp1 | |
Microsoft SQL Server | =2000-sp2 | |
Microsoft SQL Server | =7.0 | |
Microsoft SQL Server Data Engine (MSDE) | =1.0 | |
Microsoft SQL Server | =2000 | |
Microsoft SQL Server | =2000-sp1 | |
Microsoft SQL Server Data Engine (MSDE) | =2000 | |
Microsoft SQL Server | =7.0-sp3 | |
Microsoft SQL Server | =7.0-sp4 | |
Microsoft SQL Server | =7.0-sp2 | |
CVE-2002-1137 is considered critical due to its potential for remote code execution.
To mitigate CVE-2002-1137, apply the latest patches and updates provided by Microsoft for affected SQL Server versions.
CVE-2002-1137 affects Microsoft SQL Server 7.0 and 2000, including specific service pack versions and Microsoft Data Engine.
CVE-2002-1137 is a buffer overflow vulnerability that can be exploited via the Database Console Command.
Yes, CVE-2002-1137 can potentially allow attackers to execute arbitrary code, leading to unauthorized access.