cpe:/a:mcafee:epolicy_orchestrator:2.0 cpe:/a:mcafee:epolicy_orchestrator:2.5 cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1 cpe:/a:mcafee:epolicy_orchestrator:2.5.1 cpe:/a:mcafee:epolicy_orchestrator:3.0 CVE-2003-0148 2003-08-27T00:00:00.000-04:00 2008-09-10T15:18:05.197-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS ATSTAKE A073103-1 CONFIRM http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell.