← Back

CVE-2002-0643

nvd nist
Published: Jul 23, 2002Modified: Apr 16, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."

Affected (8)

Microsoft
2 products
Data Engine
Sql Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Data Engine
Version 1.0
Microsoft
Sql Server
Version 2000
Sql Server
Version 2000 sp1
Sql Server
Version 2000 sp2
Sql Server
Version 7.0
Sql Server
Version 7.0 sp1
Sql Server
Version 7.0 sp2
Sql Server
Version 7.0 sp3

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.