CVE-2000-1209
Microsoft SQL Server - Payload Execution
Severity Score: 10.0 (CVSS v2)
Public Exploits: 2 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third-party packages that use these products, such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Credits: N/A
Timeline
- 2002-08-07 CVE Reserved
- 2002-08-10 CVE Published
- 2010-12-21 First Exploit
- 2024-02-08 EPSS Updated
- 2024-08-08 CVE Updated
References (14)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=96333895000350&w=2 | Mailing List | |
http://marc.info/?l=bugtraq&m=96593218804850&w=2 | Mailing List | |
http://marc.info/?l=bugtraq&m=96644570412692&w=2 | Mailing List | |
http://online.securityfocus.com/archive/1/273639 | Mailing List | |
http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html | Mailing List | |
http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp | X_refsource_confirm | |
http://www.osvdb.org/3570 | Vdb Entry | |
http://www.securityfocus.com/bid/4797 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16395 | 2010-12-21 | |
https://www.exploit-db.com/exploits/16394 | 2011-02-08 |
URL | Date | SRC |
---|---|---|
http://www.iss.net/security_center/static/1459.php | 2023-11-07 | |
http://www.kb.cert.org/vuls/id/635463 | 2023-11-07 |
URL | Date | SRC |
---|---|---|
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418 | 2023-11-07 | |
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Compaq | Insight Manager | 7.0 | - | Affected |
Compaq | Insight Manager | 7.0 | sp1 | Affected |
Compaq | Insight Manager Xe | 1.1 | - | Affected |
Compaq | Insight Manager Xe | 1.21 | - | Affected |
Compaq | Insight Manager Xe | 2.1 | - | Affected |
Compaq | Insight Manager Xe | 2.1b | - | Affected |
Compaq | Insight Manager Xe | 2.1c | - | Affected |
Compaq | Insight Manager Xe | 2.2 | - | Affected |
Microsoft | Data Engine | 1.0 | - | Affected |
Microsoft | Msde | 2000 | - | Affected |