CVE-2003-0230

CWE-264 CWE-4215 documents5 sources

Severity

7.2HIGH

EPSS

1.4%

top 19.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedAug 27

Latest updateApr 29

Description

Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000, 7.0+1

▶NVDmicrosoft/data_engine1.0

🔴Vulnerability Details

GHSA

GHSA-q8hv-377q-25pw: Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka↗2022-04-29

▶

CVEList

CVE-2003-0230: Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka↗2003-07-25

▶

💥Exploits & PoCs

Exploit-DB

TCP Connection Reset - Remote Denial of Service↗2004-04-23

▶

📐Framework References

CWE

Race Condition During Access to Alternate Channel

▶