CVE-2001-0542

Опубликовано: 20 дек. 2001

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Ссылки

http://marc.info/?l=bugtraq&m=100891252317406&w=2
http://www.atstake.com/research/advisories/2001/a122001-1.txt
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/700575
US Government Resource
http://www.securityfocus.com/bid/3733
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83
http://marc.info/?l=bugtraq&m=100891252317406&w=2
http://www.atstake.com/research/advisories/2001/a122001-1.txt
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/700575
US Government Resource
http://www.securityfocus.com/bid/3733
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10361

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-w7gq-qfwh-xj2g

github

почти 4 года назад