CVE-2002-0624

high

Microsoft

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

5.4%

Exploitation probability in 30 days

Top 10% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: July 23, 2002 (8696 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."

CWE

NVD-CWE-Other

Affected Products

microsoft msdemicrosoft sql server

References

🔗 www.cert.org 🔗 docs.microsoft.com 🔗 oval.cisecurity.org 🔗 www.cert.org 🔗 docs.microsoft.com

CVE-2002-0624

Vulnerability Report

Description

CWE

Affected Products

References