CVE-2001-0542

high Microsoft
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
10.4%
Exploitation probability in 30 days
Top 7% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: December 20, 2001 (8911 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

CWE

NVD-CWE-Other

Affected Products

microsoft sql server

References

🔗 marc.info 🔗 www.atstake.com 🔗 www.kb.cert.org 🔗 www.securityfocus.com 🔗 docs.microsoft.com