Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0644

4 documents4 sources

Severity

7.5HIGH

EPSS

9.1%

top 7.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedAug 12

Latest updateApr 30

Description

Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000

▶NVDmicrosoft/data_engine2000

🔴Vulnerability Details

GHSA

GHSA-6w62-442x-wvg8: Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members↗2022-04-30

▶

CVEList

CVE-2002-0644: Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members↗2002-07-26

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server 2000 - Database Consistency Checkers Buffer Overflow↗2002-07-25

▶