Local Privilege Escalation in SAP Database Server by Malicious DLL
CVE-2003-0938

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 December 2003

What is CVE-2003-0938?

The vulnerability in the SAP database server (SAP DB) occurs when a local user exploits a flaw in how the software handles loading of dynamic link libraries. Specifically, a maliciously crafted 'NETAPI32.DLL' placed in the current working directory can be loaded before the legitimate DLL, allowing the attacker to gain SYSTEM privileges. This exploit is facilitated by the SQLAT stored procedure, making it critical for administrators to ensure proper security measures and updates are in place to mitigate the risk associated with this vulnerability.

References

http://www.atstake.com/research/advisories/2003/a111703-1...

vendor-advisoryx_refsource_ATSTAKE

https://exchange.xforce.ibmcloud.com/vulnerabilities/13765

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Nov 11, 2003