Vulnerabilities > CVE-1999-1556 - Unspecified vulnerability in Microsoft SQL Server 6.5

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

microsoft

NVD

Published: 1998-06-29

Updated: 2017-10-10

Summary

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft SQL Server 6.5	1

References

http://marc.info/?l=ntbugtraq&m=90222453431645&w=2
http://www.securityfocus.com/bid/109
https://exchange.xforce.ibmcloud.com/vulnerabilities/7354