返回 CVE 瀏覽器

CVE-2002-0721

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1960%

EPSS Percentile33.39th

Published2002年9月5日

Last Modified2026年4月16日

Vulnerability Description

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Affected Platforms (CPE)

📦

Microsoft

Data Engine

= 1.0

📦

Microsoft

Data Engine

= 2000

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 7.0

📦

Microsoft

Sql Server

= 2000

📦

Microsoft

Sql Server

= 2000

📦

Microsoft

Sql Server

= 2000

References & Advisories

🔗 http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html

🔗 http://marc.info/?l=bugtraq&m=102950473002959&w=2

🔗 http://marc.info/?l=ntbugtraq&m=102950792606475&w=2

🔗 http://www.kb.cert.org/vuls/id/399531

🔗 http://www.kb.cert.org/vuls/id/818939

🔗 http://www.kb.cert.org/vuls/id/939675

🔗 http://www.ngssoftware.com/advisories/mssql-esppu.txt

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043

相關漏洞威脅

CVE-2002-114510.0

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1...

CVE-2006-709510.0

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows re...

CVE-2000-120910.0

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engi...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...