Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0721

4 documents4 sources
Severity
10.0CRITICAL
EPSS
47.9%
top 2.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Data EngineMicrosoft SQL Server
Timeline
PublishedSep 5
Latest updateApr 30

Description

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/sql_server2000, 7.0+1
NVDmicrosoft/data_engine1.0, 2000+1

🔴Vulnerability Details

2
GHSA
GHSA-277j-v78r-mm9w: Microsoft SQL Server 72022-04-30
CVEList
CVE-2002-0721: Microsoft SQL Server 72002-08-20

💥Exploits & PoCs

1
Exploit-DB
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation2002-08-15
CVE-2002-0721 (CRITICAL CVSS 10) | Microsoft SQL Server 7.0 and 2000 i | cvebase.io