CVE-2002-0721
HIGH severity · CVSS 10
10CVSS HIGH
Summary
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)46%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
- http://marc.info/?l=bugtraq&m=102950473002959&w=2
- http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
- http://www.kb.cert.org/vuls/id/399531
- http://www.kb.cert.org/vuls/id/818939
- http://www.kb.cert.org/vuls/id/939675
- http://www.ngssoftware.com/advisories/mssql-esppu.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043