CVE-2000-0202
published 2000-03-08CVE-2000-0202: Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
9.52%
94.8th percentile
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | data_engine | — | — |
| microsoft | sql_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft SQL Server 7.0 SELECT Statement privileges management (MS00-014 / Nessus ID 11217)
vuldb·2026-04-21·CVSS 7.5
CVE-2000-0202 [HIGH] Microsoft SQL Server 7.0 SELECT Statement privileges management (MS00-014 / Nessus ID 11217)
A vulnerability was found in Microsoft SQL Server 7.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SELECT Statement Handler. The manipulation results in improper privilege management.
This vulnerability was named CVE-2000-0202. The attack may be performed from remote. There is no available exploit.
It is recommended to upgrade the affected component.
GHSA
GHSA-mv29-39xm-49c6: Microsoft SQL Server 7
ghsa_unreviewed·2022-04-30
CVE-2000-0202 [HIGH] GHSA-mv29-39xm-49c6: Microsoft SQL Server 7
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2000-03-08
Published