CVE-2003-0496
Published 2003-08-18
CVE-2003-0496: Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure…
Priority: P430 · high · 7.2 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.86% (90.9th percentile)
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
No detection rules found.
Exploit-DB
Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (2)
exploitdb·2003-07-08
---
// source: https://www.securityfocus.com/bid/8128/info
It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account.
/* tac0tac0.c - pay no attention to the name, long story...
 *
 *
 *
 * Author: Maceo
 * Modified to take advantage of CAN-2003-0496 Named Pipe Filename
 * Local Privilege Escalation Found by @stake. Use with their advisory
 * [email protected] http://sh0dan.org/files/tac0tac0.c
 *
 *
 * All credits for code go to Maceo, i really did minimal work
 * with his code, it took me like 3 seconds heh.
 * Shouts to #innercircle,
 *
 */
#include
#include
int main(int argc, char
Exploit-DB
Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation (1)
exploitdb·2003-07-08
---
// source: https://www.securityfocus.com/bid/8128/info
It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account.
/* tac0tac0.c - pay no attention to the name, long story...
 *
 * Author: Maceo
 * Modified to take advantage of CAN-2003-0496 Named Pipe Filename
 * Local Privilege Escalation Found by @stake. Use with their Advisory.
 * [email protected] http://sh0dan.org
 *
 *
 * All credits for code go to Maceo, i really did minimal work
 * with his code, it took me like 3 seconds heh.
 * Shouts to #innercircle,
 *
 */
#include
#include
int main(int argc, char **argv)
{
DWORD dw
No writeups or analysis indexed.
References:
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0013.html
http://marc.info/?l=bugtraq&m=105820282607865&w=2
http://marc.info/?l=bugtraq&m=105830986720243&w=2
http://www.atstake.com/research/advisories/2003/a070803-1.txt
Published: 2003-08-18