Vulnerability Description
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Data Engine | 1.0 |
| Microsoft | SQL Server | 7.0 |
References
- http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
- http://marc.info/?l=bugtraq&m=102950473002959&w=2
- http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
- http://www.kb.cert.org/vuls/id/399531 (US Government Resource)
- http://www.kb.cert.org/vuls/id/818939 (US Government Resource)
- http://www.kb.cert.org/vuls/id/939675 (US Government Resource)
- http://www.ngssoftware.com/advisories/mssql-esppu.txt
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-04
FAQ
What is CVE-2002-0721?
CVE-2002-0721 is a vulnerability with a CVSS score of 10.0 (HIGH). Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote att...
How severe is CVE-2002-0721?
CVE-2002-0721 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0721?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Data Engine, Microsoft SQL Server.