PT-2003-1398 · Microsoft+1 · Msde+1

Published: 2003-08-01 · Updated: 2008-09-10 · CVE-2003-0148

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: MSDE via McAfee ePolicy Orchestrator versions 2.0 through 3.0
Description: The issue allows attackers to execute arbitrary code by obtaining the database administrator username and encrypted password from the ePO server, cracking the password, which is protected only by weak cryptography, and then using the password to pass commands through xp_cmdshell.
Recommendations: For MSDE via McAfee ePolicy Orchestrator versions 2.0 through 3.0, consider restricting access to xp_cmdshell to minimize the risk of exploitation. Additionally, strengthen the password encryption so that the stored password cannot be cracked.

Fix

Related Identifiers

CVE-2003-0148

Affected Products

Msde
Epolicy Orchestrator