Unrated severityNVD Advisory· Published Oct 11, 2002· Updated Apr 16, 2026
CVE-2002-1137
CVE-2002-1137
Description
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Affected products
10cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.securityfocus.com/bid/5877nvdExploitPatchVendor Advisory
- www.ciac.org/ciac/bulletins/n-003.shtmlnvd
- www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtmlnvd
- www.scan-associates.net/papers/foxpro.txtnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/10255nvd
News mentions
0No linked articles in our index yet.