oval:org.mitre.oval:def:291

Definition Id: oval:org.mitre.oval:def:291

Oval ID:	oval:org.mitre.oval:def:291
Title:	Unchecked Buffer in Password Encryption Procedure
Description:	Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-0624	Version:	3
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Definition Synopsis:
Software section SQL Server 2000 is installed AND the version of sqlservr.exe is less than 2000.80.650.0 AND the version of odsole70.dll is less than 2000.80.606.0 AND the version of xpqueue.dll is less than 2000.80.606.0 AND the version of xprepl.dll is less than 2000.80.606.0 AND the version of xplog70.dll is less than 2000.80.606.0 AND the version of xpweb70.dll is less than 2000.80.606.0 AND the version of xpstar.dll is less than 2000.80.628.0 AND Configuration section Mixed Mode Enabled