Back to search
CVE-2003-0496
Published: Jul 10, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20030714 @stake named pipe exploit
mailing-list
x_refsource_BUGTRAQ
A070803-1
vendor-advisory
x_refsource_ATSTAKE
20030715 CreateFile exploit, (working)
mailing-list
x_refsource_BUGTRAQ
20030709 Pipe Filename Local Privilege Escalation FAQ
mailing-list
x_refsource_VULNWATCH
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now