CVE-2002-1145

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 28 October 2002

Summary

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

References

http://www.securityfocus.com/bid/5980

vdb-entryx_refsource_BID

http://www.nextgenss.com/advisories/mssql-webtasks.txt

x_refsource_MISC

http://www.iss.net/security_center/static/10388.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 28, 2002
Vulnerability Reserved
Sep 23, 2002

Collectors

NVD DatabaseMitre Database