CVE-2002-0695

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 22 years ago

2002-08-12 04:00:00

Last updated 6 years ago

2018-10-12 21:31:00

Affected Software

Microsoft MDAC 1.5

1.5

Microsoft MDAC 2.0

2.0

Microsoft MDAC 2.1

2.1

Microsoft MDAC 2.1.1.3711.11_ga

2.1.1.3711.11

Microsoft data_access_components 2.5

2.5

Microsoft MDAC 2.5 rtm

2.5

Microsoft MDAC 2.5 sp1

2.5

Microsoft MDAC 2.5 sp2

2.5

Microsoft data_access_components 2.6

2.6

Microsoft MDAC 2.6 rtm

2.6

Microsoft MDAC 2.6 sp1

2.6

Microsoft MDAC 2.6 sp2

2.6

Microsoft data_access_components 2.7

2.7

Microsoft MDAC 2.7_rtm_refresh

2.7

Microsoft MDAC 2.12.4202.3

2.12.4202.3

References

mssql-mdac-openrowset-bo(9734)

http://www.nextgenss.com/advisories/mssql-ors.txt

5372

MS02-040

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.