CVE-2000-1209

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
88.4%
Exploitation probability in 30 days
Top 0% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: August 12, 2002 (8676 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

CWE

NVD-CWE-Other

Affected Products

compaq insight managercompaq insight manager xemicrosoft data enginemicrosoft msde

References

🔗 marc.info 🔗 marc.info 🔗 marc.info 🔗 online.securityfocus.com 🔗 security-archive.merton.ox.ac.uk