Oval Definition:oval:org.mitre.oval:def:235
Revision Date:2014-06-23Version:46
Title:SQL Server Named Pipe Hijacking
Description:Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0230
Platform(s):Microsoft Windows 2000
Product(s):Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Definition Synopsis
  • SQL Server 2000 is installed
  • AND File console.exe version3 is less than 2000.80.818.0
  • AND File dbmslpcn.dll version3 is less than 2000.80.818.0
  • AND File sqlmap70.dll version3 is less than 2000.80.811.0
  • AND File sqlrepss.dll version3 is less than 2000.80.765.0
  • AND the version of sqlservr.exe is less than 2000.80.818.0
  • AND the version of ssmslpcn.dll is less than 2000.80.818.0
  • AND the version of ssnetlib.dll is less than 2000.80.818.0
  • AND the version of ssnmpn70.dll is less than 2000.80.818.0
  • AND the version of ums.dll is less than 2000.80.816.0
  • AND the version of odsole70.dll is less than 2000.80.800.0
  • AND the version of xpweb70.dll is less than 2000.80.778.0
  • AND File msgprox.dll version3 is less than 2000.80.765.0
  • AND the version of replprov.dll is less than 2000.80.798.0
  • AND File replrec.dll version3 is less than 2000.80.765.0
  • AND File sqlvdi.dll version3 is less than 2000.80.765.0
    • BACK