ByteOS Network

NVD Vulnerability Details :

CVE-2002-1145

Modified

Source-cve@mitre.org

Published At-28 Oct, 2002 | 05:00

Updated At-16 Apr, 2026 | 00:27

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>data_engine>>1.0

cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*

Microsoft Corporation

>>data_engine>>2000

cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>7.0

cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>7.0

cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>7.0

cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>7.0

cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>7.0

cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>2000

cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>2000

cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*

Microsoft Corporation

>>sql_server>>2000

cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://marc.info/?l=bugtraq&m=103487044122900&w=2	cve@mitre.org	N/A
http://marc.info/?l=ntbugtraq&m=103486356413404&w=2	cve@mitre.org	N/A
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml	cve@mitre.org	N/A
http://www.iss.net/security_center/static/10388.php	cve@mitre.org	Vendor Advisory
http://www.nextgenss.com/advisories/mssql-webtasks.txt	cve@mitre.org	N/A
http://www.securityfocus.com/bid/5980	cve@mitre.org	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061	cve@mitre.org	N/A
http://marc.info/?l=bugtraq&m=103487044122900&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://marc.info/?l=ntbugtraq&m=103486356413404&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.iss.net/security_center/static/10388.php	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.nextgenss.com/advisories/mssql-webtasks.txt	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/5980	af854a3a-2127-422b-91ae-364da2661108	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061	af854a3a-2127-422b-91ae-364da2661108	N/A