CVE Vulnerabilities

CVE-2002-0721

Published: Sep 05, 2002 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Affected Software

Name Vendor Start Version End Version
Data_engine Microsoft 1.0 1.0
Data_engine Microsoft 2000 2000
Sql_server Microsoft 7.0 7.0
Sql_server Microsoft 7.0 7.0
Sql_server Microsoft 7.0 7.0
Sql_server Microsoft 7.0 7.0
Sql_server Microsoft 7.0 7.0
Sql_server Microsoft 2000 2000
Sql_server Microsoft 2000 2000
Sql_server Microsoft 2000 2000

References