CVE-2003-0148
McAfee ePolicy Orchestrator MSDE - xp_cmdshell Command Execution
Title source: manualDescription
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_atstake
http://www.atstake.com/research/advisories/2003/a073103-1.txt
Patch, Vendor Advisory x_refsource_confirm
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Scores
EPSS
0.0007
EPSS Percentile
22.0%
Details
Status
published
Products (4)
mcafee/epolicy_orchestrator
2.0
mcafee/epolicy_orchestrator
2.5 (2 CPE variants)
mcafee/epolicy_orchestrator
2.5.1
mcafee/epolicy_orchestrator
3.0
Published
Aug 27, 2003
Tracked Since
Feb 18, 2026