CVE-1999-1556

high

Microsoft

CVSS v3 Base Score

7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

0.7%

Exploitation probability in 30 days

Top 29% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: June 29, 1998 (10181 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

CWE

NVD-CWE-Other

Affected Products

microsoft sql server

References

🔗 marc.info 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 marc.info 🔗 www.securityfocus.com

CVE-1999-1556

Vulnerability Report

Description

CWE

Affected Products

References