|
|
Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
|
Bugtraq ID:
|
5309
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CAN-2002-0645
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Jul 25 2002 12:00AM
|
|
Updated:
|
Jul 25 2002 12:00AM
|
|
Credit:
|
Discovery credited to Cesar Cerrudo <cesarc56@yahoo.com>.
|
|
Vulnerable:
|
Microsoft SQL Server 2000 Desktop Engine
+
Akiva WebBoard 6.1
+
Microsoft Access 2000
+
Microsoft Application Center 2000
+
Microsoft BizTalk Server 2000 Developer Edition
+
Microsoft BizTalk Server 2000 Enterprise Edition
+
Microsoft BizTalk Server 2000 Standard Edition
+
Microsoft BizTalk Server 2002 Developer Edition
+
Microsoft BizTalk Server 2002 Enterprise Edition
+
Microsoft Office 2000
+
Microsoft Project Central Server
+
Microsoft SharePoint Team Services from Microsoft
+
Microsoft Visio 2000 Enterprise Edition
+
Microsoft Visio Enterprise Network Tools
+
Microsoft Visual FoxPro 6.0
+
Microsoft Visual Studio 6.0
+
Microsoft Visual Studio .NET Academic Edition 0
+
Microsoft Visual Studio .NET Enterprise Architect Edition
+
Microsoft Visual Studio .NET Enterprise Developer Edition
+
Microsoft Visual Studio .NET Professional Edition
+
SmartMax Software MailMax 5.0
+
Veritas Software Backup Exec for Windows Servers 9.0
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
Microsoft SQL Server 2000
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0
|
|
|
|
Not Vulnerable:
|
Microsoft SQL Server 2000 SP3
|
|
|
