CVE-2002-1137

high Microsoft
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
18.7%
Exploitation probability in 30 days
Top 5% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: October 11, 2002 (8616 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

CWE

NVD-CWE-Other

Affected Products

microsoft data enginemicrosoft sql server

References

🔗 www.ciac.org 🔗 www.cisco.com 🔗 www.scan-associates.net 🔗 www.securityfocus.com 🔗 docs.microsoft.com