CVE-2002-0982

Microsoft SQL Server 2000 SP2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0982. PoCs published by Cesar Cerrudo.

AI-analyzed exploit summary This exploit leverages the sp_MScopyscript stored procedure in Microsoft SQL Server 2000 to execute arbitrary OS commands via xp_cmdshell due to insufficient input validation. The attack requires the server to be configured as a distributor and exploits the 'public' role's default permissions.

Description

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cesar Cerrudo · textremotewindows

https://www.exploit-db.com/exploits/21651

View Code ZIP pw:eip

This exploit leverages the sp_MScopyscript stored procedure in Microsoft SQL Server 2000 to execute arbitrary OS commands via xp_cmdshell due to insufficient input validation. The attack requires the server to be configured as a distributor and exploits the 'public' role's default permissions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft SQL Server 2000

Auth required

Prerequisites: SQL Server 2000 configured as a distributor · SQL Server running in the context of a domain user · Ability to execute queries or pass input to a query

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=103004505027360&w=2

Scores

EPSS 0.0782

EPSS Percentile 93.9%

Details

Status published

Products (1)

microsoft/sql_server 2000 sp2

Published Sep 24, 2002

Tracked Since Feb 18, 2026