CVE-2000-1209

Published: Aug 12, 2002Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Affected (10)

Products: Compaq: Insight Manager, Insight Manager Xe · Microsoft: Data Engine, Msde

2 products

Insight Manager

Insight Manager Xe

2 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Compaq Insight Manager	Version 7.0
Compaq Insight Manager	Version 7.0 sp1
Compaq Insight Manager Xe	Version 1.1
Compaq Insight Manager Xe	Version 1.21
Compaq Insight Manager Xe	Version 2.1
Compaq Insight Manager Xe	Version 2.1b
Compaq Insight Manager Xe	Version 2.1c
Compaq Insight Manager Xe	Version 2.2
Microsoft Data Engine	Version 1.0
Microsoft Msde	Version 2000

References (24)

http://marc.info/?l=bugtraq&m=96333895000350&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=96593218804850&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=96644570412692&w=2

Source: cve@mitre.org

http://online.securityfocus.com/archive/1/273639

Source: cve@mitre.org

http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html

Source: cve@mitre.org

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418

Source: cve@mitre.org

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081

Source: cve@mitre.org

http://www.iss.net/security_center/static/1459.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/635463

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp

Source: cve@mitre.org

http://www.osvdb.org/3570

Source: cve@mitre.org

http://www.securityfocus.com/bid/4797

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=96333895000350&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=96593218804850&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=96644570412692&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://online.securityfocus.com/archive/1/273639

Source: af854a3a-2127-422b-91ae-364da2661108

http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/1459.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/635463

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/3570

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4797

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.