← CVECheck
HomeVulnerabilities

CVE-2003-0496 — HIGH severity vulnerability (Microsoft SQL Server before Windows 2000 SP4 allows local us)

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

CVE IDCVE-2003-0496
SeverityHIGH
CVSS score7.2
CVSS vectorAV:L/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2003-08-18
Last modified2026-04-16
DescriptionMicrosoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →