Vulnerabilities > CVE-2001-0344 - Unspecified vulnerability in Microsoft SQL Server 2000/7.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

microsoft

NVD

Published: 2001-07-21

Updated: 2018-10-12

Summary

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft SQL Server 7.0 Microsoft SQL Server 2000	2

Oval

accepted

2005-04-27T12:07:00.000-04:00

class

vulnerability

contributors

name Yi-Fang Koh
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

family

windows

oval:org.mitre.oval:def:71

status

accepted

submitted

2003-06-24T12:00:00.000-04:00

title

Privilege Escalation Using Cached Admin Connection

version

Summary

Vulnerable Configurations

Oval

References