CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0721

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile33.39th
PublishedSep 5, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Data Engine

= 1.0
πŸ“¦
Microsoft

Data Engine

= 2000
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 2000
πŸ“¦
Microsoft

Sql Server

= 2000
πŸ“¦
Microsoft

Sql Server

= 2000

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
πŸ”— http://marc.info/?l=bugtraq&m=102950473002959&w=2
πŸ”— http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
πŸ”— http://www.kb.cert.org/vuls/id/399531
πŸ”— http://www.kb.cert.org/vuls/id/818939
πŸ”— http://www.kb.cert.org/vuls/id/939675
πŸ”— http://www.ngssoftware.com/advisories/mssql-esppu.txt
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043

Related Vulnerabilities

CVE-2002-114510.0

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1...

CVE-2006-709510.0

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows re...

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...