CVE-2000-1209
Microsoft SQL Server <7.0 - Privilege Escalation
Title source: llmDescription
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16395
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16394
metasploit
WORKING POC
EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload.rb
References (12)
Scores
EPSS
0.8843
EPSS Percentile
99.5%
Classification
Status
draft
Affected Products (10)
compaq/insight_manager
compaq/insight_manager
compaq/insight_manager_xe
compaq/insight_manager_xe
compaq/insight_manager_xe
compaq/insight_manager_xe
compaq/insight_manager_xe
compaq/insight_manager_xe
microsoft/data_engine
microsoft/msde
Timeline
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026