Microsoft SQL Server Permissions Vulnerability in Aid of Remote Attacks
CVE-2002-0721

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
5 September 2002

Summary

Microsoft SQL Server 7.0 and 2000 are susceptible to a permissions misconfiguration that allows unprivileged users to invoke extended stored procedures. The vulnerability arises from weak permissions set for procedures linked with helper functions, specifically through xp_execresultset, xp_printstatements, and xp_displayparamstmt. This setup can enable unauthorized execution of these stored procedures with administrative privileges, potentially compromising the security of the database system.

References

http://www.kb.cert.org/vuls/id/939675
third-party-advisoryx_refsource_CERT-VN
http://www.kb.cert.org/vuls/id/818939
third-party-advisoryx_refsource_CERT-VN
http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
mailing-listx_refsource_NTBUGTRAQ

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2002-0721 : Microsoft SQL Server Permissions Vulnerability in Aid of Remote Attacks | SecurityVulnerability.io