PT-2002-1978 · Oracle · Mysql Server

Published: 2002-10-11 · Updated: 2024-01-26 · CVE-2002-0969

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: MySQL versions 3.23.x through 3.23.49 and MySQL versions 4.0 beta through 4.0.1
Description: A buffer overflow in the MySQL daemon allows local users to execute arbitrary code via a long datadir parameter in the my.ini initialization file. On Windows, the permissions on my.ini grant Full Control to the Everyone group, so any local user can modify the file and set the parameter.
Recommendations: For MySQL versions 3.23.x through 3.23.49, update to version 3.23.50 or later. For MySQL versions 4.0 beta through 4.0.1, update to version 4.0.2 or later. As a temporary workaround, consider restricting access to the my.ini initialization file to prevent modification of the datadir parameter.
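
One way to check whether the temporary workaround is in place, as an added example that is not part of the advisory or of MySQL: a PowerShell audit that lists allow entries on my.ini granting write-level rights to broad groups such as Everyone. The default path, the function name `Get-RiskyIniAce` and the set of groups treated as too broad are assumptions of this example.

```powershell
# Added example: audit who can modify my.ini (the workaround named in this advisory).
# Assumption: the default path is a placeholder; pass the real location of my.ini.
param(
    [string]$IniPath = 'C:\my.ini'   # hypothetical default, not taken from the advisory
)

# Well-known SIDs of broad principals that should not be able to write the file.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Any of these rights lets a principal change datadir or re-grant itself access.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]$R::WriteData -bor [int]$R::AppendData -bor [int]$R::Delete -bor
             [int]$R::ChangePermissions -bor [int]$R::TakeOwnership

function Get-RiskyIniAce {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs so the check does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid      = $rule.IdentityReference.Value
        $isAllow  = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        if ($isAllow -and $canWrite -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = @(Get-RiskyIniAce -Path $IniPath)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit: file is writable by a broad group
```

A non-empty result means the workaround is not in place; remove the listed grants so that only administrators and the account running the MySQL service can write the file.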

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2002-0969

Affected Products: Mysql Server