Microsoft SQL Server XP_CMDSHELL Program Execution
Gravità: : Medio
Data notifica: 21 luglio 2015
Descrizione
"xp_cmdshell" is an extended stored procedure provided by Microsoft and stored in the master database. This procedure allows you to issue operating system commands directly to the Windows command shell via T-SQL code. It is dangerous as it can be used by trojans and worms to gain access to the system.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000917
Trend Micro Deep Security DPI Rule Name: 1000917 - Microsoft SQL Server XP_CMDSHELL Program Execution
Software e versione interessati:
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 SP1
- Microsoft SQL Server 2000 SP2
- Microsoft SQL Server Desktop Engine 2000
- Microsoft Server 2003
- Microsoft Server 2003 SP1
- Microsoft Server 2003 up to SP1