Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1085

4 documents4 sources
Severity
4.6MEDIUM
EPSS
10.7%
top 6.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Data EngineMicrosoft SQL Server
Timeline
PublishedJan 9
Latest updateApr 30

Description

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/sql_server2000, 7.0+1
NVDmicrosoft/data_engine1.0, 2000+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-gjpv-7qjf-vj7x: The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before c2022-04-30
CVEList
CVE-2000-1085: The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before c2000-12-19

💥Exploits & PoCs

1
Exploit-DB
Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_peekqueue Buffer Overflow2000-12-01
CVE-2000-1085 (MEDIUM CVSS 4.6) | The xp_peekqueue function in Micros | cvebase.io