CVE-2003-0232 – Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0232
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. Microsoft SQL Server 7, 2000 y MSDE permite a usuarios locales ejecutar código arbitrario mediante una cierta petición al puerto de llamadas de procedimiento local (LPC - Local Procedure Calls) que conduce a un desbordamiento de búfer. • https://www.exploit-db.com/exploits/65 http://www.atstake.com/research/advisories/2003/a072303-3.txt http://www.kb.cert.org/vuls/id/584868 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303 •
CVE-2003-0231 – Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)
https://notcve.org/view.php?id=CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. Microsoft SQL Server 7, 2000 y MSDE permite a usurios locales o a usuarios remotos autenticados causar una denegación de servicio (caída o cuelgue) mediante un petición larga a una tubería con nombre. • https://www.exploit-db.com/exploits/22957 http://www.atstake.com/research/advisories/2003/a072303-2.txt http://www.kb.cert.org/vuls/id/918652 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299 •
CVE-2002-1145
https://notcve.org/view.php?id=CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. • http://marc.info/?l=bugtraq&m=103487044122900&w=2 http://marc.info/?l=ntbugtraq&m=103486356413404&w=2 http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.iss.net/security_center/static/10388.php http://www.nextgenss.com/advisories/mssql-webtasks.txt http://www.securityfocus.com/bid/5980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061 •
CVE-2002-1138
https://notcve.org/view.php?id=CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (Motor de datos) (MSDE) 1.0, y Microsoft Desktop Engine (MSDE) 2000, escribe los ficheros de salida de tareas planificadas bajo sus propios privilegios, en vez de la entidad que lo lanzó, lo que permite a atacantes sobreescribir ficheros del sistema, también conociada como "Fallo en Manejo de Fichero de Salida en Tareas Planificadas" • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.iss.net/security_center/static/10257.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 •
CVE-2002-1137
https://notcve.org/view.php?id=CVE-2002-1137
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. Desbordamiento de búfer en la Consola de Comandos de Base de Datos (CBCC) que maneja la entrada de usuario en Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (MSDE) y Microsoft Desktop Engine (MSDE) 2000, permite a atantes ejecutar código arbitrario, una variante de CAN-2002-0644. • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.scan-associates.net/papers/foxpro.txt http://www.securityfocus.com/bid/5877 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 https://exchange.xforce.ibmcloud.com/vulnerabilities/10255 •