CVE-2002-0942

Lumigent Log Explorer < 3.01 - Buffer Overflow via Extended Stored Procedures

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0942. PoCs published by Martin Rakhmanoff.

AI-analyzed exploit summary The exploit demonstrates a buffer overflow in the xp_logattach_StartProf stored procedure of Lumigent Log Explorer's xp_logattach.dll. By passing an oversized string (800 bytes of 'A'), it overwrites memory, potentially leading to arbitrary code execution in the context of the SQL Server process.

Description

Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Martin Rakhmanoff · textlocalwindows
https://www.exploit-db.com/exploits/21550

The exploit demonstrates a buffer overflow in the xp_logattach_StartProf stored procedure of Lumigent Log Explorer's xp_logattach.dll. By passing an oversized string (800 bytes of 'A'), it overwrites memory, potentially leading to arbitrary code execution in the context of the SQL Server process.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Lumigent Log Explorer (xp_logattach.dll)
Auth required
Prerequisites: Access to SQL Server with dbo privileges · Lumigent Log Explorer installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Martin Rakhmanoff · textlocalwindows
https://www.exploit-db.com/exploits/21551

This exploit demonstrates a buffer overflow vulnerability in Lumigent Log Explorer's xp_logattach_setport stored procedure. By passing an oversized string (800 bytes) to the procedure, an attacker can overwrite memory locations, potentially leading to remote code execution as the SQL server process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Lumigent Log Explorer (xp_logattach.dll)
Auth required
Prerequisites: Access to SQL Server with dbo privileges · Lumigent Log Explorer installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5017
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9346.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277026
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5016
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5018

Scores

EPSS 0.0620
EPSS Percentile 92.6%

Details

Status published
Products (1)
lumigent/log_explorer < 3.01
Published Oct 04, 2002
Tracked Since Feb 18, 2026