CVE-2002-0186

Microsoft Sql Server - Buffer Overflow

Title source: rule

Description

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matt Moore · textdoswindows

https://www.exploit-db.com/exploits/21540

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html

[US Government Resource] http://www.kb.cert.org/vuls/id/811371

[Third Party Advisory, VDB Entry] http://www.osvdb.org/5347

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A484

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A489

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5004

[Third Party Advisory] http://www.iss.net/security_center/static/9328.php

[Mailing List] http://marc.info/?l=bugtraq&m=102397345410856&w=2

Scores

EPSS 0.7341

EPSS Percentile 98.8%

Details

Status published

Products (1)

microsoft/sql_server 2000 (3 CPE variants)

Published Jul 03, 2002

Tracked Since Feb 18, 2026