Named Pipe Hijacking Vulnerability in Microsoft SQL Server
CVE-2003-0230

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
27 August 2003

Summary

The 'Named Pipe Hijacking' vulnerability in Microsoft SQL Server 7, 2000, and MSDE allows local users to exploit misconfigured security mechanisms. By hijacking a named pipe during the authentication process of another user, an attacker can gain unauthorized privileges. This flaw underscores the importance of securing local environments and validating user authentication methods to prevent exploitation.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.kb.cert.org/vuls/id/556356
third-party-advisoryx_refsource_CERT-VN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2003-0230 : Named Pipe Hijacking Vulnerability in Microsoft SQL Server | SecurityVulnerability.io