CVE-2002-0642

high

Description

The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034

http://www.securityfocus.com/bid/5205

http://www.kb.cert.org/vuls/id/796313

http://www.iss.net/security_center/static/9523.php

http://www.cert.org/advisories/CA-2002-22.html

Details

Source: Mitre, NVD

Published: 2002-07-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.49698