CVE-2002-1137

CVE Database · CVE-2002-1137

CVE-2002-1137

· N/AModified

CVSS v3.1

N/A

EPSS

9.39%

Published

Oct 11, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Affected Products (10)

microsoft · data_enginevulnerable

microsoft · sql_servervulnerable

References (12)

http://www.ciac.org/ciac/bulletins/n-003.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml

http://www.scan-associates.net/papers/foxpro.txt

http://www.securityfocus.com/bid/5877

ExploitPatchVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

https://exchange.xforce.ibmcloud.com/vulnerabilities/10255

http://www.ciac.org/ciac/bulletins/n-003.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml

http://www.scan-associates.net/papers/foxpro.txt

http://www.securityfocus.com/bid/5877

KEV Catalog EPSS Scores Vendors All CVEs