CVE-2002-0641 Information

Description

Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000 including Microsoft SQL Server Desktop Engine (MSDE) 2000 allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.

Reference

http://marc.info/?l=bugtraq&m=102639885223746&w=2 http://www.kb.cert.org/vuls/id/682620 http://www.ngssoftware.com/advisories/ms-sqlbi.txt http://www.securityfocus.com/bid/4847 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A316