CVE-2002-0643 | Vulnerability Database | Aqua Security

The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka SQL Server Installation Process May Leave Passwords on System.

Affected Software

Name	Vendor	Start Version	End Version
Data_engine	Microsoft	1.0 (including)	1.0 (including)
Sql_server	Microsoft	7.0 (including)	7.0 (including)
Sql_server	Microsoft	7.0-sp1 (including)	7.0-sp1 (including)
Sql_server	Microsoft	7.0-sp2 (including)	7.0-sp2 (including)
Sql_server	Microsoft	7.0-sp3 (including)	7.0-sp3 (including)
Sql_server	Microsoft	2000 (including)	2000 (including)
Sql_server	Microsoft	2000-sp1 (including)	2000-sp1 (including)
Sql_server	Microsoft	2000-sp2 (including)	2000-sp2 (including)

References

http://marc.info/?l=bugtraq\u0026m=102640092826731\u0026w=2
http://marc.info/?l=vuln-dev\u0026m=102640394131103\u0026w=2
http://www.kb.cert.org/vuls/id/338195
http://www.securityfocus.com/bid/5203
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035
http://marc.info/?l=bugtraq\u0026m=102640092826731\u0026w=2
http://marc.info/?l=vuln-dev\u0026m=102640394131103\u0026w=2
http://www.kb.cert.org/vuls/id/338195
http://www.securityfocus.com/bid/5203
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-035

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0643
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html