CVE-2002-0642

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000 (affected versions not specified) Microsoft SQL Server Desktop Engine (MSDE) 2000 (affected versions not specified)

Description The issue concerns insecure permissions on a registry key in Microsoft SQL Server 2000, including MSDE 2000, which contains SQL Server service account information. This allows local users to gain privileges.

Recommendations For Microsoft SQL Server 2000, update the permissions on the registry key containing the SQL Server service account information to prevent local users from gaining privileges. For Microsoft SQL Server Desktop Engine (MSDE) 2000, update the permissions on the registry key containing the SQL Server service account information to prevent local users from gaining privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.