CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-1137

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.21

EPSS Ranking 95.3%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.ciac.org/ciac/bulletins/n-003.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
http://www.scan-associates.net/papers/foxpro.txt
http://www.securityfocus.com/bid/5877
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
https://exchange.xforce.ibmcloud.com/vulnerabilities/10255
http://www.ciac.org/ciac/bulletins/n-003.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
http://www.scan-associates.net/papers/foxpro.txt
http://www.securityfocus.com/bid/5877
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
https://exchange.xforce.ibmcloud.com/vulnerabilities/10255

Products affected by CVE-2002-1137

Microsoft » Data Engine » Version: 1.0

cpe:2.3:a:microsoft:data_engine:1.0
Microsoft » Data Engine » Version: 2000

cpe:2.3:a:microsoft:data_engine:2000
Microsoft » Sql Server » Version: 2000

cpe:2.3:a:microsoft:sql_server:2000
Microsoft » Sql Server » Version: 7.0

cpe:2.3:a:microsoft:sql_server:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1137

Products

Pricing

Contact Us