CVE-2003-0496 — HIGH severity vulnerability (Microsoft SQL Server before Windows 2000 SP4 allows local us)
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| CVE ID | CVE-2003-0496 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.2 |
| CVSS vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2003-08-18 |
| Last modified | 2026-04-16 |
| Description | Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →