VDB
CVE-2001-0542
CVE-2001-0542
PUBLISHED
CVSS 7.5 HIGH
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
EPSS 10.36% · 93.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
10.36%
93.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | sql_server | 2000, 7.0 |
| n/a | n/a | n/a |
Timeline
- Dec 20, 2001 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
References
- mssql-text-message-bo(7724) vdb
- 20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server mailing-list
- 3733 vdb
- VU#700575 third-party-advisory
- MS01-060 vendor-advisory
- oval:org.mitre.oval:def:83 vdb
- A122001-1 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2001-0542 advisory