{"vuid":"VU#818939","idnumber":"818939","name":"Microsoft Windows SQL Server allows arbitrary queries to be executed via \"xp_displayparamstmt\" extended procedure","keywords":["Microsoft","Windows","SQL Server","arbitrary queries","xp_displayparamstmt","extended procedure","Q316333","MS02-043"],"overview":"MS SQL Server contains an extended stored procedure with inappropriate permission settings.","clean_desc":"Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_displayparamstmt, that permits an unprivileged user of a database to gain administrative access to the database. For more information, please see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-043.asp and\nhttp://www.ngssoftware.com/advisories/mssql-esppu.txt This vulnerability was discovered David Litchfield of NGSSoftware.","impact":"An intruder can gain administrative access to a vulnerable SQL Server database.","resolution":"Apply a patch as described in http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-043.asp.","workarounds":"","sysaffected":"","thanks":"Thanks to David Litchfield for reporting this vulnerability.","author":"This document was written by Shawn V Hernan.","public":["http://www.microsoft.com/technet/security/bulletin/MS02-043.asp","http://www.ngssoftware.com/advisories/mssql-esppu.txt"],"cveids":["CVE-2002-0721"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-08-16T13:27:38Z","publicdate":"2002-08-16T00:00:00Z","datefirstpublished":"2002-08-16T22:16:25Z","dateupdated":"2002-08-16T22:16:36Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"18","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"12.65625","cam_scorecurrentwidelyknown":"15.1875","cam_scorecurrentwidelyknownexploited":"25.3125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":12.65625,"vulnote":null}