CVE-2003-0148

Published: Aug 27, 2003Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.

Affected (5)

Products: Mcafee: Epolicy Orchestrator

Mcafee

1 product

Epolicy Orchestrator

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	Version 2.0
Mcafee Epolicy Orchestrator	Version 2.5.1
Mcafee Epolicy Orchestrator	Version 2.5
Mcafee Epolicy Orchestrator	Version 2.5 sp1
Mcafee Epolicy Orchestrator	Version 3.0

References (4)

http://www.atstake.com/research/advisories/2003/a073103-1.txt

Source: cve@mitre.org

PatchVendor Advisory

http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp

Source: cve@mitre.org

PatchVendor Advisory

http://www.atstake.com/research/advisories/2003/a073103-1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.