Vulnerability Description
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Msde | 2000 |
| Microsoft | Sql Server | 2000 |
References
- http://marc.info/?l=bugtraq&m=102639885223746&w=2
- http://www.kb.cert.org/vuls/id/682620US Government Resource
- http://www.ngssoftware.com/advisories/ms-sqlbi.txt
- http://www.securityfocus.com/bid/4847
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=102639885223746&w=2
- http://www.kb.cert.org/vuls/id/682620US Government Resource
- http://www.ngssoftware.com/advisories/ms-sqlbi.txt
- http://www.securityfocus.com/bid/4847
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-0641?
CVE-2002-0641 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute ar...
How severe is CVE-2002-0641?
CVE-2002-0641 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0641?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Msde, Microsoft Sql Server.