Vulnerabilities > CVE-2002-0218 - Unspecified vulnerability in SAS Base and SAS Integration Technologies
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html
- http://online.securityfocus.com/archive/1/252847
- http://online.securityfocus.com/archive/1/252891
- http://www.iss.net/security_center/static/8018.php
- http://www.sas.com/service/techsup/unotes/SN/004/004201.html
- http://www.securityfocus.com/bid/3980