Unrated severityNVD Advisory· Published Sep 5, 2002· Updated Apr 16, 2026
CVE-2002-0721
CVE-2002-0721
Description
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
Affected products
10cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.kb.cert.org/vuls/id/399531nvdUS Government Resource
- www.kb.cert.org/vuls/id/818939nvdUS Government Resource
- www.kb.cert.org/vuls/id/939675nvdUS Government Resource
- archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.htmlnvd
- marc.infonvd
- marc.infonvd
- www.ngssoftware.com/advisories/mssql-esppu.txtnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043nvd
News mentions
0No linked articles in our index yet.