Vulnerability Details CVE-2002-0969
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 69.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
- http://marc.info/?l=bugtraq&m=103358628011935&w=2
- http://www.iss.net/security_center/static/10243.php
- http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
- http://www.securityfocus.com/bid/5853
- http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
- http://marc.info/?l=bugtraq&m=103358628011935&w=2
- http://www.iss.net/security_center/static/10243.php
- http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
- http://www.securityfocus.com/bid/5853
- http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Products affected by CVE-2002-0969
-
cpe:2.3:a:oracle:mysql:-
-
cpe:2.3:a:oracle:mysql:1.5.1
-
cpe:2.3:a:oracle:mysql:3.20
-
cpe:2.3:a:oracle:mysql:3.20.32a
-
cpe:2.3:a:oracle:mysql:3.21
-
cpe:2.3:a:oracle:mysql:3.22
-
cpe:2.3:a:oracle:mysql:3.22.26
-
cpe:2.3:a:oracle:mysql:3.22.27
-
cpe:2.3:a:oracle:mysql:3.22.28
-
cpe:2.3:a:oracle:mysql:3.22.29
-
cpe:2.3:a:oracle:mysql:3.22.30
-
cpe:2.3:a:oracle:mysql:3.22.32
-
cpe:2.3:a:oracle:mysql:3.23
-
cpe:2.3:a:oracle:mysql:3.23.0
-
cpe:2.3:a:oracle:mysql:3.23.1
-
cpe:2.3:a:oracle:mysql:3.23.10
-
cpe:2.3:a:oracle:mysql:3.23.11
-
cpe:2.3:a:oracle:mysql:3.23.12
-
cpe:2.3:a:oracle:mysql:3.23.13
-
cpe:2.3:a:oracle:mysql:3.23.14
-
cpe:2.3:a:oracle:mysql:3.23.15
-
cpe:2.3:a:oracle:mysql:3.23.16
-
cpe:2.3:a:oracle:mysql:3.23.17
-
cpe:2.3:a:oracle:mysql:3.23.18
-
cpe:2.3:a:oracle:mysql:3.23.19
-
cpe:2.3:a:oracle:mysql:3.23.2
-
cpe:2.3:a:oracle:mysql:3.23.20
-
cpe:2.3:a:oracle:mysql:3.23.21
-
cpe:2.3:a:oracle:mysql:3.23.22
-
cpe:2.3:a:oracle:mysql:3.23.23
-
cpe:2.3:a:oracle:mysql:3.23.24
-
cpe:2.3:a:oracle:mysql:3.23.25
-
cpe:2.3:a:oracle:mysql:3.23.26
-
cpe:2.3:a:oracle:mysql:3.23.27
-
cpe:2.3:a:oracle:mysql:3.23.28
-
cpe:2.3:a:oracle:mysql:3.23.29
-
cpe:2.3:a:oracle:mysql:3.23.3
-
cpe:2.3:a:oracle:mysql:3.23.30
-
cpe:2.3:a:oracle:mysql:3.23.31
-
cpe:2.3:a:oracle:mysql:3.23.32
-
cpe:2.3:a:oracle:mysql:3.23.33
-
cpe:2.3:a:oracle:mysql:3.23.34
-
cpe:2.3:a:oracle:mysql:3.23.35
-
cpe:2.3:a:oracle:mysql:3.23.36
-
cpe:2.3:a:oracle:mysql:3.23.37
-
cpe:2.3:a:oracle:mysql:3.23.38
-
cpe:2.3:a:oracle:mysql:3.23.39
-
cpe:2.3:a:oracle:mysql:3.23.4
-
cpe:2.3:a:oracle:mysql:3.23.40
-
cpe:2.3:a:oracle:mysql:3.23.41
-
cpe:2.3:a:oracle:mysql:3.23.42
-
cpe:2.3:a:oracle:mysql:3.23.43
-
cpe:2.3:a:oracle:mysql:3.23.44
-
cpe:2.3:a:oracle:mysql:3.23.45
-
cpe:2.3:a:oracle:mysql:3.23.46
-
cpe:2.3:a:oracle:mysql:3.23.47
-
cpe:2.3:a:oracle:mysql:3.23.48
-
cpe:2.3:a:oracle:mysql:3.23.49
-
cpe:2.3:a:oracle:mysql:3.23.5
-
cpe:2.3:a:oracle:mysql:3.23.6
-
cpe:2.3:a:oracle:mysql:3.23.7
-
cpe:2.3:a:oracle:mysql:3.23.8
-
cpe:2.3:a:oracle:mysql:3.23.9
-
cpe:2.3:a:oracle:mysql:4.0.0
-
cpe:2.3:a:oracle:mysql:4.0.1
-
cpe:2.3:a:oracle:mysql:4.0.2
-
cpe:2.3:o:microsoft:windows:-