VDB
CVE-2002-0642
CVE-2002-0642
PUBLISHED
CVSS 7.199999809265137 HIGH
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
EPSS 57.25% · 98.2th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
57.25%
98.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | sql_server | 2000 |
| microsoft | msde | 2000 |
Timeline
- Jul 23, 2002 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- CA-2002-22 third-party-advisory
- MS02-034 vendor-advisory
- VU#796313 third-party-advisory
- mssql-registry-insecure-permissions(9523) vdb
- 5205 vdb
- oval:org.mitre.oval:def:1025 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0642 advisory