CVE-2003-0232

Microsoft SQL Server < - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0232. PoCs published by refdom.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in Microsoft SQL Server by sending a maliciously crafted buffer via a named pipe. The buffer size is user-specified and can crash the server due to improper handling of the input.

Description

Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by refdom · cdoswindows
https://www.exploit-db.com/exploits/65

This exploit targets a denial-of-service (DoS) vulnerability in Microsoft SQL Server by sending a maliciously crafted buffer via a named pipe. The buffer size is user-specified and can crash the server due to improper handling of the input.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft SQL Server (pre-MS03-031 patch)
No auth needed
Prerequisites: Network access to the target SQL Server · Named pipe access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/584868
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303
Patch, Vendor Advisory vendor-advisory x_refsource_atstake
http://www.atstake.com/research/advisories/2003/a072303-3.txt

Scores

EPSS 0.0413
EPSS Percentile 89.5%

Details

Status published
Products (3)
microsoft/data_engine 1.0
microsoft/sql_server 7.0 (5 CPE variants)
microsoft/sql_server 2000 (6 CPE variants)
Published Aug 27, 2003
Tracked Since Feb 18, 2026