CVE

Id
5035  
CVE No.
CVE-2002-0645  
Status
Candidate  
Description
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.  
Phase
Proposed (20020726)  
Votes
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox  
Comments
Christey> XF:mssql-replication-sql-injection(9660) | URL:http://www.iss.net/security_center/static/9660.php | BUGTRAQ:20020725 SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. | URL:http://online.securityfocus.com/archive/1/284382 | Mention that the function "sp_MScopyscript" is affected, along | with other functions. | Frech> XF:mssql-replication-sql-injection(9660)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
26129 5035 CVE-2002-0645 MS:MS02-038  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63838 JVNDB-2002-000165 Microsoft SQL Server の拡張ストアドプロシージャにおける SQL インジェクションの脆弱性 Microsoft SQL Server の拡張ストアドプロシージャにおいて、SQL Server Agent Proxy アカウントが有効である場合に、 OS および SQL Server に対する任意のコマンドが実行可能な脆弱性が存在します。 CVE-2002-0645 5035 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000165.html  View