Vulnerability Details CVE-2002-0969
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
- http://marc.info/?l=bugtraq&m=103358628011935&w=2
- http://www.iss.net/security_center/static/10243.php
- http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
- http://www.securityfocus.com/bid/5853
- http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
- http://marc.info/?l=bugtraq&m=103358628011935&w=2
- http://www.iss.net/security_center/static/10243.php
- http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
- http://www.securityfocus.com/bid/5853
- http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Products affected by CVE-2002-0969
-
cpe:2.3:a:oracle:mysql:-
-
cpe:2.3:a:oracle:mysql:1.5.1
-
cpe:2.3:a:oracle:mysql:3.20
-
cpe:2.3:a:oracle:mysql:3.20.32a
-
cpe:2.3:a:oracle:mysql:3.21
-
cpe:2.3:a:oracle:mysql:3.22
-
cpe:2.3:a:oracle:mysql:3.22.26
-
cpe:2.3:a:oracle:mysql:3.22.27
-
cpe:2.3:a:oracle:mysql:3.22.28
-
cpe:2.3:a:oracle:mysql:3.22.29
-
cpe:2.3:a:oracle:mysql:3.22.30
-
cpe:2.3:a:oracle:mysql:3.22.32
-
cpe:2.3:a:oracle:mysql:3.23
-
cpe:2.3:a:oracle:mysql:3.23.0
-
cpe:2.3:a:oracle:mysql:3.23.1
-
cpe:2.3:a:oracle:mysql:3.23.10
-
cpe:2.3:a:oracle:mysql:3.23.11
-
cpe:2.3:a:oracle:mysql:3.23.12
-
cpe:2.3:a:oracle:mysql:3.23.13
-
cpe:2.3:a:oracle:mysql:3.23.14
-
cpe:2.3:a:oracle:mysql:3.23.15
-
cpe:2.3:a:oracle:mysql:3.23.16
-
cpe:2.3:a:oracle:mysql:3.23.17
-
cpe:2.3:a:oracle:mysql:3.23.18
-
cpe:2.3:a:oracle:mysql:3.23.19
-
cpe:2.3:a:oracle:mysql:3.23.2
-
cpe:2.3:a:oracle:mysql:3.23.20
-
cpe:2.3:a:oracle:mysql:3.23.21
-
cpe:2.3:a:oracle:mysql:3.23.22
-
cpe:2.3:a:oracle:mysql:3.23.23
-
cpe:2.3:a:oracle:mysql:3.23.24
-
cpe:2.3:a:oracle:mysql:3.23.25
-
cpe:2.3:a:oracle:mysql:3.23.26
-
cpe:2.3:a:oracle:mysql:3.23.27
-
cpe:2.3:a:oracle:mysql:3.23.28
-
cpe:2.3:a:oracle:mysql:3.23.29
-
cpe:2.3:a:oracle:mysql:3.23.3
-
cpe:2.3:a:oracle:mysql:3.23.30
-
cpe:2.3:a:oracle:mysql:3.23.31
-
cpe:2.3:a:oracle:mysql:3.23.32
-
cpe:2.3:a:oracle:mysql:3.23.33
-
cpe:2.3:a:oracle:mysql:3.23.34
-
cpe:2.3:a:oracle:mysql:3.23.35
-
cpe:2.3:a:oracle:mysql:3.23.36
-
cpe:2.3:a:oracle:mysql:3.23.37
-
cpe:2.3:a:oracle:mysql:3.23.38
-
cpe:2.3:a:oracle:mysql:3.23.39
-
cpe:2.3:a:oracle:mysql:3.23.4
-
cpe:2.3:a:oracle:mysql:3.23.40
-
cpe:2.3:a:oracle:mysql:3.23.41
-
cpe:2.3:a:oracle:mysql:3.23.42
-
cpe:2.3:a:oracle:mysql:3.23.43
-
cpe:2.3:a:oracle:mysql:3.23.44
-
cpe:2.3:a:oracle:mysql:3.23.45
-
cpe:2.3:a:oracle:mysql:3.23.46
-
cpe:2.3:a:oracle:mysql:3.23.47
-
cpe:2.3:a:oracle:mysql:3.23.48
-
cpe:2.3:a:oracle:mysql:3.23.49
-
cpe:2.3:a:oracle:mysql:3.23.5
-
cpe:2.3:a:oracle:mysql:3.23.6
-
cpe:2.3:a:oracle:mysql:3.23.7
-
cpe:2.3:a:oracle:mysql:3.23.8
-
cpe:2.3:a:oracle:mysql:3.23.9
-
cpe:2.3:a:oracle:mysql:4.0.0
-
cpe:2.3:a:oracle:mysql:4.0.1
-
cpe:2.3:a:oracle:mysql:4.0.2
-
cpe:2.3:o:microsoft:windows:-