Privilege Escalation in Microsoft SQL Server and MSDE Products
CVE-2002-1145

Currently unrated

Key Information:

Vendor

Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
28 October 2002

What is CVE-2002-1145?

The vulnerability allows unauthorized users to execute the xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server and MSDE. By exploiting weak permissions on the msdb.dbo.mswebtasks table, an attacker can update a webtask owned by the database owner, leading to elevated privileges. This poses significant risks to database integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/5980
vdb-entryx_refsource_BID
http://www.nextgenss.com/advisories/mssql-webtasks.txt
x_refsource_MISC
http://www.iss.net/security_center/static/10388.php
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.