CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1145

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile16.78th
PublishedOct 28, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Data Engine

= 1.0
πŸ“¦
Microsoft

Data Engine

= 2000
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 7.0
πŸ“¦
Microsoft

Sql Server

= 2000
πŸ“¦
Microsoft

Sql Server

= 2000
πŸ“¦
Microsoft

Sql Server

= 2000

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=103487044122900&w=2
πŸ”— http://marc.info/?l=ntbugtraq&m=103486356413404&w=2
πŸ”— http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
πŸ”— http://www.iss.net/security_center/static/10388.php
πŸ”— http://www.nextgenss.com/advisories/mssql-webtasks.txt
πŸ”— http://www.securityfocus.com/bid/5980
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061
πŸ”— http://marc.info/?l=bugtraq&m=103487044122900&w=2

Related Vulnerabilities

CVE-2006-709510.0

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows re...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2012-153010.0

Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11...