PT-2002-2137 · Microsoft · Desktop Engine+2

Published: 2002-10-11 · Updated: 2018-10-12 · CVE-2002-1138

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 7.0 through 2000; Microsoft Data Engine (MSDE) version 1.0; Microsoft Desktop Engine (MSDE) version 2000
Description: The issue allows attackers to overwrite system files because the software writes output files for scheduled jobs under its own privileges instead of those of the entity that launched the job.
Recommendations: For Microsoft SQL Server versions 7.0 through 2000, consider restricting access to scheduled jobs to minimize the risk of exploitation. For Microsoft Data Engine (MSDE) version 1.0, restrict the ability to write output files for scheduled jobs to prevent system file overwrites. For Microsoft Desktop Engine (MSDE) version 2000, limit the privileges of the entity launching scheduled jobs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2002-1138

Affected Products

Data Engine
Desktop Engine
SQL Server