← CVECheck
HomeVulnerabilities

CVE-2003-0938 — HIGH severity vulnerability (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earli)

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

CVE IDCVE-2003-0938
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2003-12-15
Last modified2026-04-16
Descriptionvos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →