CVE-2000-1209 Information

Description

The \sa\ account is installed with a default null password on (1) Microsoft SQL Server 2000 (2) SQL Server 7.0 and (3) Data Engine (MSDE) 1.0 including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager and (6) Visio 2000 which allows remote attackers to gain privileges as exploited by worms such as Voyager Alpha Force and Spida.

Reference

http://marc.info/?l=bugtraq&m=96333895000350&w=2 http://marc.info/?l=bugtraq&m=96593218804850&w=2 http://marc.info/?l=bugtraq&m=96644570412692&w=2 http://online.securityfocus.com/archive/1/273639 http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081 http://www.iss.net/security_center/static/1459.php http://www.kb.cert.org/vuls/id/635463 http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp http://www.osvdb.org/3570 http://www.securityfocus.com/bid/4797