VDB
CVE-2002-0641
CVE-2002-0641
PUBLISHED
CVSS 7.5 HIGH
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
EPSS 17.77% · 95.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
17.77%
95.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | sql_server | 2000 |
| microsoft | msde | 2000 |
| n/a | n/a | n/a |
Timeline
- Jul 12, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
References
- http://www.ngssoftware.com/advisories/ms-sqlbi.txt url
- MS02-034 vendor-advisory
- VU#682620 third-party-advisory
- oval:org.mitre.oval:def:316 vdb
- 20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) mailing-list
- 4847 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0641 advisory