CVE-2003-0231

Microsoft SQL Server and MSDE - Denial of Service via Long Named Pipe Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0231. PoCs published by refdom.

AI-analyzed exploit summary This exploit sends an unusually large request to a named pipe in Microsoft SQL Server, causing a denial of service (DoS) condition. It leverages a buffer overflow vulnerability in the named pipe handling mechanism.

Description

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

Exploits (1)

exploitdb WORKING POC VERIFIED
by refdom · c++doswindows
https://www.exploit-db.com/exploits/22957

This exploit sends an unusually large request to a named pipe in Microsoft SQL Server, causing a denial of service (DoS) condition. It leverages a buffer overflow vulnerability in the named pipe handling mechanism.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft SQL Server (pre-MS03-031 patch)
Auth required
Prerequisites: Network access to the target SQL Server · Authentication credentials (part of the Everyone Group)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2003/a072303-2.txt
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/918652

Scores

EPSS 0.2901
EPSS Percentile 96.7%

Details

Status published
Products (3)
microsoft/data_engine 1.0
microsoft/sql_server 7.0 (5 CPE variants)
microsoft/sql_server 2000 (6 CPE variants)
Published Aug 27, 2003
Tracked Since Feb 18, 2026