CVE-2002-0642

5 documents4 sources

Severity

7.2HIGH

EPSS

57.3%

top 1.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Msde Microsoft SQL Server

Timeline

PublishedJul 23

Latest updateApr 30

Description

The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000

▶NVDmicrosoft/msde2000

🔴Vulnerability Details

GHSA

GHSA-7g77-29hm-pfv9: The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MS↗2022-04-30

▶

CVEList

CVE-2002-0642: The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MS↗2003-04-02

▶

🔍Detection Rules

Suricata

GPL NETBIOS xp_reg* registry access↗2010-09-23

▶

Suricata

GPL NETBIOS xp_reg* - registry access↗2010-09-23

▶