CVE-2002-0859

Microsoft Jet - Buffer Overflow in OpenDataSource Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0859. PoCs published by NGSSoftware.

AI-analyzed exploit summary This exploit demonstrates a Unicode-based buffer overflow in Microsoft SQL Server's OpenDataSource function via the MS Jet Engine. It overwrites the saved return address to execute arbitrary shellcode, specifically calling CreateFile() to create a file on the target system.

Description

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NGSSoftware · textdoswindows

https://www.exploit-db.com/exploits/21569

View Code ZIP pw:eip

This exploit demonstrates a Unicode-based buffer overflow in Microsoft SQL Server's OpenDataSource function via the MS Jet Engine. It overwrites the saved return address to execute arbitrary shellcode, specifically calling CreateFile() to create a file on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft SQL Server 2000 SP1/SP2 with MS Jet Engine

Auth required

Prerequisites: Ability to execute T-SQL queries on the target SQL Server · MS Jet Engine component installed

MITRE ATT&CK