CVE-2002-1137

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Published: Oct 11, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1137
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / sql_server	7.0-sp1	7.0-sp1.x
microsoft / sql_server	2000-sp2	2000-sp2.x
microsoft / sql_server	7.0	7.0.x
microsoft / data_engine	1.0	1.0.x
microsoft / sql_server	2000	2000.x
microsoft / sql_server	2000-sp1	2000-sp1.x
microsoft / data_engine	2000	2000.x
microsoft / sql_server	7.0-sp3	7.0-sp3.x
microsoft / sql_server	7.0-sp4	7.0-sp4.x
microsoft / sql_server	7.0-sp2	7.0-sp2.x

http://www.ciac.org/ciac/bulletins/n-003.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
http://www.scan-associates.net/papers/foxpro.txt
http://www.securityfocus.com/bid/5877
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
https://exchange.xforce.ibmcloud.com/vulnerabilities/10255

Vulnerability Database

289,599

CVE-2002-1137