CVE-2003-0232

Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls LPC port that leads to a buffer overflow...

AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities

Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities Risk level: High Summary: A Unicode buffer overflow exists in MDAC which is used by the SQL Server SQL-DMO library that could allow a remote user to execute malicious code on the target computer. The vulnerability does no...

CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xpfileexist extended stored procedure with a named pipe as an argument instead of a normal file...

Microsoft SQL Server becomes unresponsive when large packet is sent to specific named pipe

Overview A vulnerability in Microsoft SQL Server may allow a local attacker to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft describes SQL Server as, "a fully enterprise-class database product, providing core support for Extensible Marku...

CVE-2003-0230

Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability...

CVE-2003-0231

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service crash or hang via a long request to a named pipe...

CVE-2003-0232

Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls LPC port that leads to a buffer overflow...

CVE-2003-0231

Summary: CVE-2003-0231 affects Microsoft SQL Server 7.0, SQL Server 2000, and MSDE. A long request to a named pipe can trigger a denial of service, making the server unresponsive for local or remote authenticated users. The issue arises from how SQL Server interprets a return code from a named-pi...

Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)

//////////////////////////////////////////////////////////////// // // Microsoft SQL Server DoS Remote Exploit MS03-031 // By refdom of xfocus // //////////////////////////////////////////////////////////////// include include include void Usage printf"\n"; printf"exp for Microsoft SQL Server...

MS Windows SQL Server Denial of Service Remote Exploit (MS03-031)

Exploit for unknown platform in category dos / poc ================================================================= MS Windows SQL Server Denial of Service Remote Exploit MS03-031 =================================================================...

MS Windows SQL Server Denial of Service Remote Exploit (MS03-031)

No description provided by source. //////////////////////////////////////////////////////////////// // // Microsoft SQL Server DoS Remote Exploit MS03-031 // By refdom of xfocus // //////////////////////////////////////////////////////////////// include stdio.h include stdlib.h include windows.h...

Microsoft Windows SQL Server - Remote Denial of Service (MS03-031)

Microsoft Windows SQL Server - Remote Denial of Service MS03-031 //////////////////////////////////////////////////////////////// // // Microsoft SQL Server DoS Remote Exploit MS03-031 // By refdom of xfocus // //////////////////////////////////////////////////////////////// include include inclu...

Microsoft Security Bulletin MS03-031: Cumulative Patch for Microsoft SQL Server (Q815495)

-----BEGIN PGP SIGNED MESSAGE----- - ----------------------------------------------------------------- Title: Cumulative Patch for Microsoft SQL Server 815495 Date: 23 July 2003 Software: - Microsoft SQL Server 7.0 - Microsoft Data Engine MSDE 1.0 - Microsoft SQL Server 2000 - Microsoft SQL Serve...

Multiple bugs in Microsoft SQL Server

Buffer overflow in LPC request, DoS via RPC request, named pipe impersonalization...

Microsoft SQL Server DoS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server DoS Release Date: 07/23/2003 Application: Microsoft SQL Server 7, 2000, MSDE Platform: Windows NT/2000/XP Severity: Denial of Service Author: Andreas Junestam...

Microsoft SQL Server local code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server local code execution Release Date: 07/23/2003 Application: Microsoft SQL Server 7, 2000, MSDE Platform: Windows NT/2000/XP Severity: Local code execution / Denial of...

Microsoft SQL Server contains flaw in checking method for the named pipe

Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...

Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)

source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of the Everyone Group, may trigger a denial of service condition in an affected...

Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service (MS03-031)

Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service MS03-031 source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of th...

CVE-2003-0496

CVE-2003-0496: Affected software is Microsoft SQL Server on Windows 2000 prior to SP4. By passing a named pipe as an argument to xp_fileexist, a local attacker can impersonate the SQL Server service account due to CreateFile/Named Pipe behavior. Impact is local privilege escalation to the SQL Ser...