Named Pipe Hijacking Vulnerability in Microsoft SQL Server
CVE-2003-0230

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 27 August 2003

What is CVE-2003-0230?

The 'Named Pipe Hijacking' vulnerability in Microsoft SQL Server 7, 2000, and MSDE allows local users to exploit misconfigured security mechanisms. By hijacking a named pipe during the authentication process of another user, an attacker can gain unauthorized privileges. This flaw underscores the importance of securing local environments and validating user authentication methods to prevent exploitation.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/556356

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Apr 30, 2003