Vulnerability Description
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Data Engine | 1.0 |
| Microsoft | SQL Server | 7.0 |
References
- http://www.ciac.org/ciac/bulletins/n-003.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
- http://www.scan-associates.net/papers/foxpro.txt
- http://www.securityfocus.com/bid/5877 (Exploit, Patch, Vendor Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-05
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10255
FAQ
What is CVE-2002-1137?
CVE-2002-1137 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 200...
How severe is CVE-2002-1137?
CVE-2002-1137 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1137?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Data Engine, Microsoft SQL Server.