PT-2003-1669 · Microsoft · Sql Server
Published
2003-07-10
·
Updated
2019-04-30
·
CVE-2003-0496
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Microsoft SQL Server versions prior to Windows 2000 SP4
Description:
The issue allows local users to gain privileges as the SQL Server user. This is achieved by calling the
xp fileexist extended stored procedure with a named pipe as an argument instead of a normal file.Recommendations:
For Microsoft SQL Server versions prior to Windows 2000 SP4, consider restricting access to the
xp fileexist extended stored procedure to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sql Server