CVE Vulnerabilities

CVE-2003-0938

Published: Dec 15, 2003 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious NETAPI32.DLL in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Affected Software

Name Vendor Start Version End Version
Sap_db Sap * 7.4.03.27 (including)

References