← Back

CVE-2002-1137

nvd nist
Published: Oct 11, 2002Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Affected (10)

Microsoft
2 products
Data Engine
Sql Server
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Data Engine
Version 1.0
Data Engine
Version 2000
Microsoft
Sql Server
Version 2000
Sql Server
Version 2000 sp1
Sql Server
Version 2000 sp2
Sql Server
Version 7.0
Sql Server
Version 7.0 sp1
Sql Server
Version 7.0 sp2
Sql Server
Version 7.0 sp3
Sql Server
Version 7.0 sp4

References (12)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.