Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html - | |
References | () http://marc.info/?l=bugtraq&m=102950473002959&w=2 - | |
References | () http://marc.info/?l=ntbugtraq&m=102950792606475&w=2 - | |
References | () http://www.kb.cert.org/vuls/id/399531 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/818939 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/939675 - US Government Resource | |
References | () http://www.ngssoftware.com/advisories/mssql-esppu.txt - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043 - |
Information
Published : 2002-09-05 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0721
Mitre link : CVE-2002-0721
CVE.ORG link : CVE-2002-0721
JSON object : View
Products Affected
microsoft
- sql_server
- data_engine
CWE