CVE-2002-0642
HIGH severity · CVSS 7.2
7.2CVSS HIGH
Summary
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)50%
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.cert.org/advisories/CA-2002-22.html
- http://www.iss.net/security_center/static/9523.php
- http://www.kb.cert.org/vuls/id/796313
- http://www.securityfocus.com/bid/5205
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025