Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0721

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0721
Last Modified 10 Sep 2008 03:12:46
Published 05 Sep 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0721

Summary

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Vulnerable Systems

Application

  • Microsoft Data Engine 1.0

  • Microsoft Data Engine 2000

  • Microsoft Sql Server 2000

  • Microsoft Sql Server 7.0


References

CERT-VN - VU#939675

CERT-VN - VU#818939

CERT-VN - VU#399531

MS - MS02-043

MISC - http://www.ngssoftware.com/advisories/mssql-esppu.txt

NTBUGTRAQ - 20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)

NTBUGTRAQ - 20020815 Alert: Microsoft Security Bulletin - MS02-043


Last Updated: 27 May 2016 10:37:02