Back to search
CVE-2002-0721
Published: Aug 20, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#939675
third-party-advisory
x_refsource_CERT-VN
VU#818939
third-party-advisory
x_refsource_CERT-VN
20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
mailing-list
x_refsource_NTBUGTRAQ
MS02-043
vendor-advisory
x_refsource_MS
http://www.ngssoftware.com/advisories/mssql-esppu.txt
x_refsource_MISC
VU#399531
third-party-advisory
x_refsource_CERT-VN
20020815 Alert: Microsoft Security Bulletin - MS02-043
mailing-list
x_refsource_NTBUGTRAQ
20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now