PT-2002-1743 · Microsoft · Sql Server

Published: 2002-08-20 · Updated: 2018-10-12 · CVE-2002-0721

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 7.0 through 2000

Description: The issue concerns weak permissions for extended stored procedures associated with helper functions. This could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Recommendations: For Microsoft SQL Server versions 7.0 through 2000, consider restricting access to the extended stored procedures xp_execresultset, xp_printstatements, and xp_displayparamstmt to minimize the risk of exploitation. As a temporary workaround, limit the privileges of unprivileged users to prevent them from running stored procedures with administrator privileges.


Related Identifiers

CVE-2002-0721

Affected Products

Sql Server