VYPR
Unrated severityNVD Advisory· Published Aug 18, 2003· Updated Jun 16, 2026

CVE-2003-0496

CVE-2003-0496

Description

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
  • Range: < Windows 2000 SP4 (SQL Server version not explicitly specified but implied by OS version)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.