Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T03:12:16.953Z
Reserved: 2002-09-23T00:00:00
Link: CVE-2002-1138
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-10-11T04:00:00.000
Modified: 2024-11-20T23:40:40.833
Link: CVE-2002-1138
Redhat
No data.