CVE-2002-0721

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 5 September 2002

Summary

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

References

http://www.kb.cert.org/vuls/id/939675

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/818939

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=ntbugtraq&m=102950792606475&w=2

mailing-listx_refsource_NTBUGTRAQ

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 5, 2002
Vulnerability Reserved
Jul 22, 2002

Collectors

NVD DatabaseMitre Database