Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0496

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2003-0496
Last Modified 10 Sep 2008 03:19:11
Published 18 Aug 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0496

Summary

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services


References

ATSTAKE - A070803-1

VULNWATCH - 20030709 Pipe Filename Local Privilege Escalation FAQ

BUGTRAQ - 20030715 CreateFile exploit, (working)

BUGTRAQ - 20030714 @stake named pipe exploit


Last Updated: 27 May 2016 10:37:56