PT-2003-1398 · Microsoft+1 · Msde+1

Published: 2003-08-01 · Updated: 2008-09-10 · CVE-2003-0148

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MSDE via McAfee ePolicy Orchestrator versions 2.0 through 3.0
Description: The issue allows attackers to execute arbitrary code by obtaining the database administrator username and encrypted password from the ePO server, cracking the password due to weak cryptography, and then using the password to pass commands through xp_cmdshell.
Recommendations: For MSDE via McAfee ePolicy Orchestrator versions 2.0 through 3.0, consider restricting access to xp_cmdshell to minimize the risk of exploitation. Additionally, strengthen the password encryption to prevent cracking due to weak cryptography.


Related Identifiers

CVE-2003-0148

Affected Products

MSDE
ePolicy Orchestrator