CVE-2002-0721

Sažetak

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Reference

http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
http://marc.info/?l=bugtraq&m=102950473002959&w=2
http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
http://www.kb.cert.org/vuls/id/399531
http://www.kb.cert.org/vuls/id/818939
http://www.kb.cert.org/vuls/id/939675
http://www.ngssoftware.com/advisories/mssql-esppu.txt
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-10-2018 - 21:31

Objavljeno

05-09-2002 - 04:00