CVE-2000-1209
Microsoft SQL Server <7.0 - Privilege Escalation
Title source: llmDescription
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16394
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16395
metasploit
WORKING POC
EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload.rb
References (12)
Scores
EPSS
0.8843
EPSS Percentile
99.5%
Details
Status
published
Products (9)
compaq/insight_manager
7.0 (2 CPE variants)
compaq/insight_manager_xe
1.1
compaq/insight_manager_xe
1.21
compaq/insight_manager_xe
2.1
compaq/insight_manager_xe
2.1b
compaq/insight_manager_xe
2.1c
compaq/insight_manager_xe
2.2
microsoft/data_engine
1.0
microsoft/msde
2000
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026