CVE-2002-0643

Name of the Vulnerable Software and Affected Versions Microsoft Data Engine 1.0 (MSDE 1.0) Microsoft SQL Server 2000

Description The installation process creates setup.iss files with insecure permissions and fails to delete them after installation, allowing local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges.

Recommendations For Microsoft Data Engine 1.0 (MSDE 1.0) and Microsoft SQL Server 2000, manually delete the setup.iss files created during installation to prevent unauthorized access to sensitive data. As a temporary workaround, consider restricting access to the setup.iss files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.