Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1123

5 documents4 sources

Severity

7.5HIGH

EPSS

89.1%

top 0.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedSep 24

Latest updateApr 30

Description

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000

▶NVDmicrosoft/data_engine2000

🔴Vulnerability Details

GHSA

GHSA-wmvx-9r42-6cq7: Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execu↗2022-04-30

▶

CVEList

CVE-2002-1123: Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execu↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)↗2010-04-30

▶

Exploit-DB

Microsoft SQL Server 2000 - User Authentication Remote Buffer Overflow↗2002-08-06

▶