CVE-2002-1138

CVE Database · CVE-2002-1138

CVE-2002-1138

· N/AModified

CVSS v3.1

N/A

EPSS

4.71%

Published

Oct 11, 2002

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Affected Products (10)

microsoft · data_enginevulnerable

microsoft · sql_servervulnerable

References (6)

http://www.ciac.org/ciac/bulletins/n-003.shtml

http://www.iss.net/security_center/static/10257.php

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

http://www.ciac.org/ciac/bulletins/n-003.shtml

http://www.iss.net/security_center/static/10257.php

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

KEV Catalog EPSS Scores Vendors All CVEs