CVE

Id
4450  
CVE No.
CVE-2002-0056  
Status
Candidate  
Description
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.  
Phase
Modified (20061101)  
Votes
ACCEPT(5) Cole, Foat, Green, Wall, Ziese | MODIFY(1) Christey  
Comments
Christey> Consider adding BID:4135 | CHANGE> [Christey changed vote from NOOP to MODIFY] | Christey> ADDREF BID:4135 | XF:mssql-oledb-adhoc-bo(8243) | URL:http://www.iss.net/security_center/static/8243.php | Christey> CIAC:M-044 | URL:http://www.ciac.org/ciac/bulletins/m-044.shtml | CERT-VN:VU#619707 | URL:http://www.kb.cert.org/vuls/id/619707  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
21556 4450 CVE-2002-0056 MS:MS02-007  View
21557 4450 CVE-2002-0056 URL:http://www.microsoft.com/technet/security/bulletin/MS02-007.asp  View
21558 4450 CVE-2002-0056 BUGTRAQ:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS  View
21559 4450 CVE-2002-0056 URL:http://marc.info/?l=bugtraq&m=101422555428036&w=2  View
21560 4450 CVE-2002-0056 VULN-DEV:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS  View
21561 4450 CVE-2002-0056 URL:http://marc.info/?l=vuln-dev&m=101413924631329&w=2  View
21562 4450 CVE-2002-0056 CERT-VN:VU#619707  View
21563 4450 CVE-2002-0056 URL:http://www.kb.cert.org/vuls/id/619707  View
21564 4450 CVE-2002-0056 BID:4135  View
21565 4450 CVE-2002-0056 URL:http://www.securityfocus.com/bid/4135  View
21566 4450 CVE-2002-0056 OVAL:oval:org.mitre.oval:def:271  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63714 JVNDB-2002-000041 Microsoft SQL Server の OLE DB プロバイダ名の処理におけるバッファオーバーフローの脆弱性 Micrsoft SQL Server において、 OLE DB プロバイダ名の処理実装に問題があり、 ad hoc 接続される場合に、バッファオーバーフローが発生する脆弱性が存在します。 CVE-2002-0056 4450 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000041.html  View