CVE-2002-1138

3 documents, 3 sources
Severity: 7.5 HIGH
EPSS: 11.4% (top 6.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 11; Latest update Apr 30

Description

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: microsoft/data_engine 1.0, 2000 +1
NVD: microsoft/sql_server 2000, 7.0 +1

Vulnerability Details (2)

GHSA: GHSA-3x48-6948-gjj7: Microsoft SQL Server 7 (2022-04-30)
CVEList: CVE-2002-1138: Microsoft SQL Server 7 (2004-09-01)