CVE-2002-1138

Sažetak

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Reference

http://www.ciac.org/ciac/bulletins/n-003.shtml
http://www.iss.net/security_center/static/10257.php
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:31

Objavljeno

11-10-2002 - 04:00