CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*

History

No history.

Information

Published : 2003-08-18 04:00

Updated : 2024-02-04 16:31


NVD link : CVE-2003-0496

Mitre link : CVE-2003-0496

CVE.ORG link : CVE-2003-0496


JSON object : View

Products Affected

microsoft

  • windows_2000_terminal_services
  • windows_2000