Privilege Escalation via xp_fileexist Extended Stored Procedure in Microsoft SQL Server

Privilege Escalation via xp_fileexist Extended Stored Procedure in Microsoft SQL Server

CVE-2003-0496 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.