CVE-2002-0624
Summary
| CVE | CVE-2002-0624 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-07-23 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Msde | 2000 | All | All | All |
| Application | Microsoft | Sql Server | 2000 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CERT Advisory CA-2002-22 Multiple Vulnerabilities in Microsoft SQL Server | af854a3a-2127-422b-91ae-364da2661108 | www.cert.org | US Government Resource |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Microsoft Security Bulletin MS02-034 - Moderate | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.