Detections
Analytics
MS02-030: Unchecked Buffer in SQLXML (321911)
medium Nessus Plugin ID 11304
Synopsis
Arbitrary code can be executed on the remote host through Microsoft SQL server.Description
The remote host is running SQLXML. There are flaws in this application that could allow a remote attacker to execute arbitrary code on this host.Solution
Microsoft has released a set of patches for Office 2000 and XP.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-030
Plugin Details
Severity: Medium
ID: 11304
File Name: smb_nt_ms02-030.nasl
Version: 1.47
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 3/2/2003
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Temporal Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:sql_server
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/16/2002
Vulnerability Publication Date: 6/12/2002
Reference Information
CVE: CVE-2002-0186, CVE-2002-0187