| Vulnerability Name: | CVE-2002-0056 (CCN-8243) | ||||||||
| Assigned: | 2002-02-19 | ||||||||
| Published: | 2002-02-19 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Feb 19 2002 - 16:10:01 CST MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS Source: MITRE Type: CNA CVE-2002-0056 Source: BUGTRAQ Type: UNKNOWN 20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS Source: VULN-DEV Type: UNKNOWN 20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS Source: CCN Type: CERT Advisory CA-2002-22 Multiple Vulnerabilities in Microsoft SQL Server Source: CCN Type: CIAC Information Bulletin M-044 Microsoft SQL Server Remote Data Source Function Contains Unchecked Buffers Source: CCN Type: US-CERT VU#619707 Microsoft SQL Server contains buffer overflows in openrowset and opendatasource macros Source: CERT-VN Type: US Government Resource VU#619707 Source: CCN Type: Microsoft Security Bulletin MS02-007 SQL Server Remote Data Source Function Contain Unchecked Buffers Source: CCN Type: Microsoft Security Bulletin MS02-020 SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507) Source: CCN Type: Microsoft Security Bulletin MS02-034 Cumulative Patch for SQL Server (Q316333) Source: CCN Type: Microsoft Security Bulletin MS02-038 Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution (Q316333) Source: CCN Type: Microsoft Security Bulletin MS02-039 Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) Source: CCN Type: Microsoft Security Bulletin MS02-043 Cumulative Patch for SQL Server (Q316333) Source: CCN Type: Microsoft Security Bulletin MS02-056 Cumulative Patch for SQL Server (Q316333) Source: CCN Type: Microsoft Security Bulletin MS02-061 Elevation of Privilege in SQL Server Web Tasks (Q316333) Source: CCN Type: Microsoft Security Bulletin MS03-031 Cumulative Patch for Microsoft SQL Server (815495) Source: CCN Type: OSVDB ID: 10142 Microsoft SQL Server OpenDataSource OLE DB Provider Name Overflow Source: CCN Type: OSVDB ID: 10143 Microsoft SQL Server OpenRowset OLE DB Provider Name Overflow Source: BID Type: UNKNOWN 4135 Source: CCN Type: BID-4135 Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability Source: MS Type: UNKNOWN MS02-007 Source: XF Type: UNKNOWN mssql-oledb-adhoc-bo(8243) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:271 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||