Unrated severityNVD Advisory· Published Oct 11, 2002· Updated Jun 16, 2026
CVE-2002-1138
CVE-2002-1138
Description
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
- (no CPE)range: 7.0, 2000
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.