Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0938

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0938
Last Modified 05 Sep 2008 04:35:36
Published 15 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0938

Summary

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Vulnerable Systems

Application

  • Sap Db 7.4.03.27


References

ATSTAKE - A111703-1

XF - sapdb-NETAPI32-gain-privileges(13765)


Last Updated: 27 May 2016 10:38:06