Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS00-035 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| SQL Server 7.0 Service Pack Password Vulnerability |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2002-08-06 | Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerab... |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 557 | MS-SQL Passwordless Admin Account Microsoft SQL Server versions 7 and 2000, along with Microsoft Data Engine (MSDE), by default installs an admin account ('sa') with a blank or null password. Using this account, it is possible for an intruder to modify and delete information stored in the database and may be able to run commands at the operating system level through the xp_cmdshell stored procedure. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2003-03-09 | Name : The remote SQL server is vulnerable to an information disclosure attack. File : smb_nt_ms00-035.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:44:23 |
|
