Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2002-0643

CVE information

Published

20 years ago

Last Modified

4 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System.".

CVSSv2.0 Score

Severity
Medium
Base Score
4.6/10
Exploit Score
3.9/10
Access Vector
Local
Access Complexity
Low
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
  Yes
- -