CVE-2002-1137: Buffer Overflow
First published: Fri Oct 11 2002(Updated: )
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =7.0-sp1 | |
| Microsoft SQL Server | =2000-sp2 | |
| Microsoft SQL Server | =7.0 | |
| Microsoft SQL Server Data Engine (MSDE) | =1.0 | |
| Microsoft SQL Server | =2000 | |
| Microsoft SQL Server | =2000-sp1 | |
| Microsoft SQL Server Data Engine (MSDE) | =2000 | |
| Microsoft SQL Server | =7.0-sp3 | |
| Microsoft SQL Server | =7.0-sp4 | |
| Microsoft SQL Server | =7.0-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/5877
- http://www.scan-associates.net/papers/foxpro.txt
- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
- http://www.ciac.org/ciac/bulletins/n-003.shtml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10255
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
Frequently Asked Questions
What is the severity of CVE-2002-1137?
CVE-2002-1137 is considered critical due to its potential for remote code execution.
How do I fix CVE-2002-1137?
To mitigate CVE-2002-1137, apply the latest patches and updates provided by Microsoft for affected SQL Server versions.
What software is impacted by CVE-2002-1137?
CVE-2002-1137 affects Microsoft SQL Server 7.0 and 2000, including specific service pack versions and Microsoft Data Engine.
What type of vulnerability is CVE-2002-1137?
CVE-2002-1137 is a buffer overflow vulnerability that can be exploited via the Database Console Command.
Can CVE-2002-1137 allow for unauthorized access?
Yes, CVE-2002-1137 can potentially allow attackers to execute arbitrary code, leading to unauthorized access.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/remedy
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- product/sql server
- canonical/microsoft sql server
- product/data engine
- canonical/microsoft data engine
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/microsoft sql server/7.0-sp1
- version/microsoft sql server/2000-sp2
- version/microsoft sql server/7.0
- canonical/microsoft sql server data engine (msde)
- version/microsoft sql server data engine (msde)/1.0
- version/microsoft sql server/2000
- version/microsoft sql server/2000-sp1
- version/microsoft sql server data engine (msde)/2000
- version/microsoft sql server/7.0-sp3
- version/microsoft sql server/7.0-sp4
- version/microsoft sql server/7.0-sp2