ByteOS Network

NVD Vulnerability Details :

CVE-2002-0643

Deferred

Source-cve@mitre.org

Published At-23 Jul, 2002 | 04:00

Updated At-03 Apr, 2025 | 01:03

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://marc.info/?l=bugtraq&m=102640092826731&w=2	cve@mitre.org	N/A
http://marc.info/?l=vuln-dev&m=102640394131103&w=2	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/338195	cve@mitre.org	US Government Resource
http://www.securityfocus.com/bid/5203	cve@mitre.org	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035	cve@mitre.org	N/A
http://marc.info/?l=bugtraq&m=102640092826731&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://marc.info/?l=vuln-dev&m=102640394131103&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/338195	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.securityfocus.com/bid/5203	af854a3a-2127-422b-91ae-364da2661108	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035	af854a3a-2127-422b-91ae-364da2661108	N/A