CVE-2000-1209

Microsoft SQL Server <7.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2000-1209. PoCs published by Metasploit, David Kennedy, including Metasploit module exploits/windows/mssql/mssql_payload.

AI-analyzed exploit summary This Metasploit module exploits SQL injection vulnerabilities in Microsoft SQL Server to execute arbitrary payloads via xp_cmdshell. It supports multiple delivery methods including debug.exe, command stager, and PowerShell.

Description

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16394

This Metasploit module exploits SQL injection vulnerabilities in Microsoft SQL Server to execute arbitrary payloads via xp_cmdshell. It supports multiple delivery methods including debug.exe, command stager, and PowerShell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
No auth needed
Prerequisites: SQL injection vulnerability in target application · xp_cmdshell enabled on MS SQL Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16395

This Metasploit module exploits Microsoft SQL Server by leveraging the 'xp_cmdshell' stored procedure to execute arbitrary payloads. It supports multiple delivery methods, including debug.com, command stager, and PowerShell, to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
Auth required
Prerequisites: Valid SQL Server credentials · Access to 'xp_cmdshell' stored procedure
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by David Kennedy · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/mssql_payload.rb

This Metasploit module exploits Microsoft SQL Server by leveraging the 'xp_cmdshell' stored procedure to execute arbitrary payloads. It supports multiple delivery methods, including PowerShell and command stager techniques, to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SQL Server
Auth required
Prerequisites: Valid SQL Server credentials · Sysadmin privileges
devstral-2 · analyzed Mar 05, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/3570
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4797
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/635463
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/1459.php
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/273639
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081
Various Sources mailing-list x_refsource_bugtraq
http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96333895000350&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96644570412692&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=96593218804850&w=2

Scores

EPSS 0.8843
EPSS Percentile 99.5%

Details

Status published
Products (9)
compaq/insight_manager 7.0 (2 CPE variants)
compaq/insight_manager_xe 1.1
compaq/insight_manager_xe 1.21
compaq/insight_manager_xe 2.1
compaq/insight_manager_xe 2.1b
compaq/insight_manager_xe 2.1c
compaq/insight_manager_xe 2.2
microsoft/data_engine 1.0
microsoft/msde 2000
Published Aug 12, 2002
Tracked Since Feb 18, 2026