CVE-2001-0542

critical

Description

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83

https://exchange.xforce.ibmcloud.com/vulnerabilities/7724

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060

http://www.securityfocus.com/bid/3733

http://www.kb.cert.org/vuls/id/700575

http://www.atstake.com/research/advisories/2001/a122001-1.txt

http://marc.info/?l=bugtraq&m=100891252317406&w=2

Details

Source: Mitre, NVD

Published: 2001-12-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.10361