CVE-2001-0542
HIGH severity · CVSS 7.5
7.5CVSS HIGH
Summary
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)14%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.atstake.com/research/advisories/2001/a122001-1.txt ↗
Additional information
- NVD record
- http://www.atstake.com/research/advisories/2001/a122001-1.txtPatch
- http://www.securityfocus.com/bid/3733Patch
- http://marc.info/?l=bugtraq&m=100891252317406&w=2
- http://www.kb.cert.org/vuls/id/700575
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83