Vulnerability Details : CVE-2002-1123
Public exploit exists!
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2002-1123
- cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
Threat overview for CVE-2002-1123
Top countries where our scanners detected CVE-2002-1123
Top open port discovered on systems with this issue
1433
IPs affected by CVE-2002-1123 337
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2002-1123!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2002-1123
96.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2002-1123
-
MS02-056 Microsoft SQL Server Hello Overflow
Disclosure Date: 2002-08-05First seen: 2020-04-26exploit/windows/mssql/ms02_056_helloBy sending malformed data to TCP port 1433, an unauthenticated remote attacker could overflow a buffer and possibly execute code on the server with SYSTEM level privileges. This module should work against any vulnerable SQL Server 2000 or MSDE install (< SP
CVSS scores for CVE-2002-1123
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2002-1123
-
http://www.securityfocus.com/bid/5411
Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
-
http://www.ciac.org/ciac/bulletins/n-003.shtml
-
http://www.iss.net/security_center/static/9788.php
Vendor Advisory
-
http://online.securityfocus.com/archive/1/286220
-
http://marc.info/?l=bugtraq&m=102873609025020&w=2
Jump to