CVE-2001-0542

Sažetak

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Reference

http://marc.info/?l=bugtraq&m=100891252317406&w=2
http://www.atstake.com/research/advisories/2001/a122001-1.txt
http://www.kb.cert.org/vuls/id/700575
http://www.securityfocus.com/bid/3733
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:30

Objavljeno

20-12-2001 - 05:00