PT-2003-1959 · Microsoft+1 · Netapi32.Dll+1

Published: 2003-11-21 · Updated: 2017-07-11 · CVE-2003-0938

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SAP DB versions 7.4.03.27 and earlier

Description: The issue allows local users to gain SYSTEM privileges by way of a malicious "NETAPI32.DLL" in the current working directory. SAP DB finds and loads this DLL before the real one, as demonstrated using the SQLAT stored procedure.

Recommendations: For SAP DB versions 7.4.03.27 and earlier, consider restricting access to the SQLAT stored procedure until a fix is available. As a temporary workaround, ensure that no malicious "NETAPI32.DLL" is present in the current working directory to prevent unauthorized privilege escalation.

Related identifiers

CVE-2003-0938

Affected products

Netapi32.Dll
Sap Db