Published: 18/08/2003 Updated: 30/04/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Windows 2000

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 2000
microsoft windows 2000 terminal services

source: wwwsecurityfocuscom/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API Because of this, an attacker may be able to gain access to the SYSTEM account /* tac0tac0c - pay no attention to the name, long story * * * * Author: Maceo * Modified t ...

source: wwwsecurityfocuscom/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API Because of this, an attacker may be able to gain access to the SYSTEM account /* tac0tac0c - pay no attention to the name, long story * * Author: Maceo * Modified to take a ...

NVD-CWE-Other http://www.atstake.com/research/advisories/2003/a070803-1.txt http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0013.html http://marc.info/?l=bugtraq&m=105820282607865&w=2 http://marc.info/?l=bugtraq&m=105830986720243&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/22883/

CVE-2003-0496

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect