CVE-2003-0938

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 December 2003

Summary

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

References

http://www.atstake.com/research/advisories/2003/a111703-1...

vendor-advisoryx_refsource_ATSTAKE

https://exchange.xforce.ibmcloud.com/vulnerabilities/13765

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Nov 11, 2003