Privilege Escalation in Microsoft SQL Server and MSDE Products
CVE-2002-1145

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 28 October 2002

Summary

The vulnerability allows unauthorized users to execute the xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server and MSDE. By exploiting weak permissions on the msdb.dbo.mswebtasks table, an attacker can update a webtask owned by the database owner, leading to elevated privileges. This poses significant risks to database integrity and confidentiality.

References

http://www.securityfocus.com/bid/5980

vdb-entryx_refsource_BID

http://www.nextgenss.com/advisories/mssql-webtasks.txt

x_refsource_MISC

http://www.iss.net/security_center/static/10388.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 28, 2002
Vulnerability Reserved
Sep 23, 2002