CVE-2002-0721 Information
Description
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions which could allow unprivileged users and possibly remote attackers to run stored procedures with administrator privileges via (1) xp_execresultset (2) xp_printstatements or (3) xp_displayparamstmt.
Reference
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html http://marc.info/?l=bugtraq&m=102950473002959&w=2 http://marc.info/?l=ntbugtraq&m=102950792606475&w=2 http://www.kb.cert.org/vuls/id/399531 http://www.kb.cert.org/vuls/id/818939 http://www.kb.cert.org/vuls/id/939675 http://www.ngssoftware.com/advisories/mssql-esppu.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043
Share on: