CVE-2003-0938

2003-12-15T00:00:00
ID CVE-2003-0938
Type cve
Reporter NVD
Modified 2017-07-10T21:29:38

Description

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.