Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0624

4 documents4 sources
Severity
7.5HIGH
EPSS
5.4%
top 9.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft MsdeMicrosoft SQL Server
Timeline
PublishedJul 23
Latest updateApr 30

Description

Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/msde2000

🔴Vulnerability Details

2
GHSA
GHSA-fc6r-g93v-xcwr: Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows re2022-04-30
CVEList
CVE-2002-0624: Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows re2002-07-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft SQL Server 2000 - Password Encrypt procedure Buffer Overflow2002-06-14
CVE-2002-0624 (HIGH CVSS 7.5) | Buffer overflow in the password enc | cvebase.io