CVE-2002-0649

EXPLOITED

Microsoft SQL Server 2000 and MSDE 2000 - Remote Code Execution via UDP Port 1434

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2002-0649 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, David Litchfield, hdm, including a Metasploit module exploits/windows/mssql/ms02_039_slammer.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in Microsoft SQL Server 2000's resolution service via a malformed UDP packet to port 1434. It achieves remote code execution by overwriting the return address and executing shellcode.

Description

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16393

This is a Metasploit module exploiting a buffer overflow in Microsoft SQL Server 2000's resolution service via a malformed UDP packet to port 1434. It achieves remote code execution by overwriting the return address and executing shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server 2000 / MSDE <= SP2
No auth needed
Prerequisites: Network access to UDP port 1434 · Vulnerable SQL Server 2000 or MSDE install (pre-SP3)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David Litchfield · c++remotewindows
https://www.exploit-db.com/exploits/21652

This exploit targets a heap-based buffer overflow in Microsoft SQL Server 2000's Resolution Service via a maliciously crafted UDP packet to port 1434. It includes shellcode for remote code execution, with adjustments for different service pack levels.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server 2000 (SP0, SP1, SP2)
No auth needed
Prerequisites: Network access to UDP port 1434 · Target running vulnerable SQL Server 2000 version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms02_039_slammer.rb

This Metasploit module exploits a buffer overflow in Microsoft SQL Server 2000's resolution service via a maliciously crafted UDP packet sent to port 1434. The exploit leverages a stack-based overflow to achieve remote code execution by overwriting the return address and executing shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server 2000 / MSDE <= SP2
No auth needed
Prerequisites: Network access to UDP port 1434 on the target · Vulnerable version of Microsoft SQL Server 2000 or MSDE
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (23)

Core 23
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308396/30/26150/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308418/30/26150/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1077
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-22.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/484891
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/399260
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7945
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308806/30/26120/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308324/30/26180/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308388/30/26180/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308306/30/26180/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308321/30/26180/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308760/30/26120/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/309096/30/26120/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308419/30/26150/threaded
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102760196931518&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/308393/30/26180/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-04.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5310
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/309324/30/26120/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/309776/30/26090/threaded

Scores

EPSS 0.8609
EPSS Percentile 99.4%

Details

VulnCheck KEV 2003-08-01
CWE
CWE-119
Status published
Products (2)
microsoft/data_engine 2000
microsoft/sql_server 2000 (3 CPE variants)
Published Aug 12, 2002
Tracked Since Feb 18, 2026