CVE-2002-1145
https://notcve.org/view.php?id=CVE-2002-1145
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. • http://marc.info/?l=bugtraq&m=103487044122900&w=2 http://marc.info/?l=ntbugtraq&m=103486356413404&w=2 http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.iss.net/security_center/static/10388.php http://www.nextgenss.com/advisories/mssql-webtasks.txt http://www.securityfocus.com/bid/5980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061 •
CVE-2002-1138
https://notcve.org/view.php?id=CVE-2002-1138
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (Motor de datos) (MSDE) 1.0, y Microsoft Desktop Engine (MSDE) 2000, escribe los ficheros de salida de tareas planificadas bajo sus propios privilegios, en vez de la entidad que lo lanzó, lo que permite a atacantes sobreescribir ficheros del sistema, también conociada como "Fallo en Manejo de Fichero de Salida en Tareas Planificadas" • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.iss.net/security_center/static/10257.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 •
CVE-2002-1137
https://notcve.org/view.php?id=CVE-2002-1137
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. Desbordamiento de búfer en la Consola de Comandos de Base de Datos (CBCC) que maneja la entrada de usuario en Microsoft SQL Server 7.0 y 2000, incluyendo Microsoft Data Engine (MSDE) y Microsoft Desktop Engine (MSDE) 2000, permite a atantes ejecutar código arbitrario, una variante de CAN-2002-0644. • http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.scan-associates.net/papers/foxpro.txt http://www.securityfocus.com/bid/5877 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 https://exchange.xforce.ibmcloud.com/vulnerabilities/10255 •
CVE-2002-1123 – Microsoft SQL Server - Hello Overflow (MS02-056)
https://notcve.org/view.php?id=CVE-2002-1123
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. Desbordamiento de búfer en Microsof SQL Server permite a atacantes remotos ejecutar código arbitrario mediante una petición larga al puerto TCP 1433, también conocido como desbordamiento "Hello". • https://www.exploit-db.com/exploits/16398 https://www.exploit-db.com/exploits/21693 http://marc.info/?l=bugtraq&m=102873609025020&w=2 http://online.securityfocus.com/archive/1/286220 http://www.ciac.org/ciac/bulletins/n-003.shtml http://www.iss.net/security_center/static/9788.php http://www.securityfocus.com/bid/5411 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 •
CVE-2002-0859 – Microsoft SQL Server 2000 / Microsoft Jet 4.0 Engine - Unicode Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2002-0859
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. Desbordamiento de búfer en la función OpenDataSource del motor Jet en Microsoft SQL Server 2000 permite a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/21569 http://marc.info/?l=bugtraq&m=102450188620081&w=2 http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ282010 http://www.iss.net/security_center/static/9375.php http://www.nextgenss.com/advisories/mssql-ods.txt http://www.securityfocus.com/bid/5057 •