Vulnerability Description
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Msde | 2000 |
| Microsoft | Sql Server | 2000 |
References
- http://www.cert.org/advisories/CA-2002-22.htmlUS Government Resource
- http://www.iss.net/security_center/static/9523.php
- http://www.kb.cert.org/vuls/id/796313US Government Resource
- http://www.securityfocus.com/bid/5205
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.cert.org/advisories/CA-2002-22.htmlUS Government Resource
- http://www.iss.net/security_center/static/9523.php
- http://www.kb.cert.org/vuls/id/796313US Government Resource
- http://www.securityfocus.com/bid/5205
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2002-0642?
CVE-2002-0642 is a vulnerability with a CVSS score of 7.2 (HIGH). The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows l...
How severe is CVE-2002-0642?
CVE-2002-0642 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0642?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Msde, Microsoft Sql Server.