Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1081

5 documents4 sources
Severity
4.6MEDIUM
EPSS
6.8%
top 8.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Data EngineMicrosoft SQL Server
Timeline
PublishedJan 9
Latest updateApr 30

Description

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/sql_server2000, 7.0+1
NVDmicrosoft/data_engine1.0, 2000+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-6pm9-q8g6-xp59: The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before2022-04-30
CVEList
CVE-2000-1081: The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before2000-12-19

💥Exploits & PoCs

2
Exploit-DB
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow2000-12-01
Exploit-DB
Microsoft IIS 4.0 - UNC Mapped Virtual Host2000-03-30
CVE-2000-1081 (MEDIUM CVSS 4.6) | The xp_displayparamstmt function in | cvebase.io