CVE-2000-1209

CVE Database · CVE-2000-1209

CVE-2000-1209

· N/AModified

CVSS v3.1

N/A

EPSS

87.31%

Published

Aug 12, 2002

Modified

Apr 15, 2026

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMicrosoft SQL Server - Payload Execution (Metasploit)Exploit-DBMicrosoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Affected Products (10)

compaq · insight_managervulnerable

compaq · insight_manager_xevulnerable

microsoft · data_enginevulnerable

microsoft · msdevulnerable

References (20)

http://marc.info/?l=bugtraq&m=96333895000350&w=2

http://marc.info/?l=bugtraq&m=96593218804850&w=2

http://marc.info/?l=bugtraq&m=96644570412692&w=2

http://online.securityfocus.com/archive/1/273639

http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418

http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081

http://www.iss.net/security_center/static/1459.php

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/635463

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs