PT-2003-1669 · Microsoft · Sql Server
Publicado
2003-07-10
·
Atualizado
2019-04-30
·
CVE-2003-0496
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Microsoft SQL Server versions prior to Windows 2000 SP4
Description:
The issue allows local users to gain privileges as the SQL Server user. This is achieved by calling the
xp fileexist extended stored procedure with a named pipe as an argument instead of a normal file.Recommendations:
For Microsoft SQL Server versions prior to Windows 2000 SP4, consider restricting access to the
xp fileexist extended stored procedure to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Sql Server