Arbitrary Code Execution Vulnerability in SAS/Base 8.0

Arbitrary Code Execution Vulnerability in SAS/Base 8.0

CVE-2002-2017 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

Learn more about our User Device Pen Test.