Description
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Martin Rakhmanoff · text · local · windows
https://www.exploit-db.com/exploits/21549
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291
US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2002-22.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
Scores
EPSS
0.0543
EPSS Percentile
90.2%
Details
Status
published
Products (2)
microsoft/msde
2000
microsoft/sql_server
2000
Published
Jul 23, 2002
Tracked Since
Feb 18, 2026