Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0232 | First vendor Publication | 2003-08-27 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0232 |
OVAL Definitions
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2003-07-23 | Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial Of Service Vulnerability |
2003-07-25 | MS Windows SQL Server Denial of Service Remote Exploit (MS03-031) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10123 | Microsoft SQL Server LPC Packet Handling Local Overflow Microsoft SQL Server uses different ways of communicating with a client locally, one of them is over a LPC port. This port can by used by any local user to send information to the SQL Server service. By sending a specially crafted message to this port it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-07-24 | Name : Arbitrary code can be executed on the remote host through the SQL service. File : smb_nt_ms03-031.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:02:14 |
|
2024-02-01 12:01:26 |
|
2023-09-05 12:02:08 |
|
2023-09-05 01:01:17 |
|
2023-09-02 12:02:09 |
|
2023-09-02 01:01:17 |
|
2023-08-12 12:02:38 |
|
2023-08-12 01:01:18 |
|
2023-08-11 12:02:14 |
|
2023-08-11 01:01:19 |
|
2023-08-06 12:02:04 |
|
2023-08-06 01:01:19 |
|
2023-08-04 12:02:07 |
|
2023-08-04 01:01:19 |
|
2023-07-14 12:02:06 |
|
2023-07-14 01:01:19 |
|
2023-03-29 01:02:04 |
|
2023-03-28 12:01:24 |
|
2022-10-11 12:01:52 |
|
2022-10-11 01:01:11 |
|
2021-05-04 12:02:00 |
|
2021-04-22 01:02:08 |
|
2020-05-23 00:15:22 |
|
2018-10-13 00:22:26 |
|
2017-10-11 09:23:16 |
|
2016-04-26 12:31:26 |
|
2014-02-17 10:26:00 |
|
2013-05-11 11:50:55 |
|