Description

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Remediation

References

CVE-2002-1137

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)

WordPress Plugin Fitness Trainer-Training Membership Cross-Site Scripting (1.0.8)

WordPress Plugin Access Expiration Cross-Site Scripting (1.1)

MySQL Other Vulnerability (CVE-2001-1255)

WebLogic CVE-2019-2658 Vulnerability (CVE-2019-2658)

Severity

High

Classification

CVE-2002-1137

Tags

Missing Update Known Vulnerabilities