ID CVE-2002-0641
Summary Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-06-23T04:07:47.100-04:00
class vulnerability
contributors
  • name Yi-Fang Koh
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Jerome Athias
    organization McAfee, Inc.
description Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
family windows
id oval:org.mitre.oval:def:316
status accepted
submitted 2003-10-10T12:00:00.000-04:00
title MS SQL Server Bulk Insert Procedure Buffer Overflow
version 4
refmap via4
bid 4847
bugtraq 20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
cert-vn VU#682620
misc http://www.ngssoftware.com/advisories/ms-sqlbi.txt
Last major update 12-10-2018 - 21:31
Published 23-07-2002 - 04:00
Last modified 12-10-2018 - 21:31
Back to Top