Buffer Overflow Vulnerability in Microsoft SQL Server and MSDE
CVE-2003-0232

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 27 August 2003

What is CVE-2003-0232?

Microsoft SQL Server 7, 2000, and MSDE have a vulnerability that allows local users to exploit the Local Procedure Calls (LPC) port to execute arbitrary code. This security issue arises from insufficient validation of input during the handling of requests through LPC, which can lead to a buffer overflow situation. Successfully exploiting this vulnerability might allow local users to execute unauthorized commands or gain elevated privileges on the affected server.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.kb.cert.org/vuls/id/584868

third-party-advisoryx_refsource_CERT-VN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Apr 30, 2003