Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0232

5 documents4 sources

Severity

7.2HIGH

EPSS

6.0%

top 9.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Data Engine Microsoft SQL Server

Timeline

PublishedAug 27

Latest updateApr 29

Description

Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/sql_server2000, 7.0+1

▶NVDmicrosoft/data_engine1.0

Patches

Patch: www.atstake.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-23x7-wjwv-f9j6: Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that↗2022-04-29

▶

CVEList

CVE-2003-0232: Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that↗2003-07-25

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows NT/2000/2003/2008/XP/Vista/7 - 'KiTrap0D' User Mode to Ring Escalation (MS10-015)↗2010-01-19

▶

Exploit-DB

Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)↗2003-07-25

▶