CVE-2000-1088

5 documents4 sources

Severity

4.6MEDIUM

EPSS

27.8%

top 3.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedJan 9

Latest updateApr 30

Description

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000, 7.0+1

▶NVDmicrosoft/data_engine1.0, 2000+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-54g7-5765-8375: The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer bef↗2022-04-30

▶

CVEList

CVE-2000-1088: The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer bef↗2000-12-19

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook 97/98/2000/4/5 - Address Book Spoofing↗2001-06-05

▶

Exploit-DB

Real Networks RealPlayer 6/7 - Location Buffer Overflow↗2000-04-03

▶