Lucene search

MitreCVE-2002-0721

HistorySep 05, 2002 - 4:00 a.m.

CVE-2002-0721

2002-09-0504:00:00

mitre

web.nvd.nist.gov

cve-2002-0721

microsoft sql server

weak permissions

extended stored procedures

unprivileged users

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Affected configurations

Nvd

Node

microsoftdata_engineMatch1.0

microsoftdata_engineMatch2000

microsoftsql_serverMatch7.0

microsoftsql_serverMatch7.0sp1

microsoftsql_serverMatch7.0sp2

microsoftsql_serverMatch7.0sp3

microsoftsql_serverMatch7.0sp4

microsoftsql_serverMatch2000

microsoftsql_serverMatch2000sp1

microsoftsql_serverMatch2000sp2

VendorProductVersionCPE
microsoftdata_engine1.0cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
microsoftdata_engine2000cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
microsoftsql_server7.0cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
microsoftsql_server2000cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	data_engine	1.0	cpe:2.3:a:microsoft:data_engine:1.0:::::::*
microsoft	data_engine	2000	cpe:2.3:a:microsoft:data_engine:2000:::::::*
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:::::::*
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp1::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp2::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp3::::::
microsoft	sql_server	7.0	cpe:2.3:a:microsoft:sql_server:7.0:sp4::::::
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:::::::*
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:sp1::::::
microsoft	sql_server	2000	cpe:2.3:a:microsoft:sql_server:2000:sp2::::::

References

archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html

marc.info/?l=bugtraq&m=102950473002959&w=2

marc.info/?l=ntbugtraq&m=102950792606475&w=2

www.kb.cert.org/vuls/id/399531

www.kb.cert.org/vuls/id/818939

www.kb.cert.org/vuls/id/939675

www.ngssoftware.com/advisories/mssql-esppu.txt

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

Related for CVE-2002-0721