CVEブラウザに戻る

CVE-2002-1145

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1140%

EPSS Percentile16.78th

Published2002年10月28日

Last Modified2026年4月16日

Vulnerability Description

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

Affected Platforms (CPE)

📦

Microsoft

Data Engine

= 1.0

📦

Microsoft

Data Engine

= 2000

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 2000

📦

Microsoft

Sql Server

= 2000

📦

Microsoft

Sql Server

= 2000

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=103487044122900&w=2

🔗 http://marc.info/?l=ntbugtraq&m=103486356413404&w=2

🔗 http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml

🔗 http://www.iss.net/security_center/static/10388.php

🔗 http://www.nextgenss.com/advisories/mssql-webtasks.txt

🔗 http://www.securityfocus.com/bid/5980

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061

🔗 http://marc.info/?l=bugtraq&m=103487044122900&w=2

関連する脆弱性情報

CVE-2006-709510.0

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows re...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2012-153010.0

Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11...