Description
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by David Litchfield · textremotewindows
https://www.exploit-db.com/exploits/21718
References (8)
Core 8
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/939675
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/818939
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043
Various Sources x_refsource_misc
http://www.ngssoftware.com/advisories/mssql-esppu.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/399531
Third Party Advisory mailing-list
x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102950473002959&w=2
Scores
EPSS
0.4791
EPSS Percentile
97.7%
Details
Status
published
Products (4)
microsoft/data_engine
1.0
microsoft/data_engine
2000
microsoft/sql_server
7.0 (5 CPE variants)
microsoft/sql_server
2000 (3 CPE variants)
Published
Sep 05, 2002
Tracked Since
Feb 18, 2026