SQL Server Named Pipe Privilege Escalation Vulnerability
July 11, 2003[From Secunia]
A vulnerability has been identified in SQL Server, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system.
The vulnerability is caused due to a general error in the "CreateFile" API and an attack vector exists in SQL Server making it possible to gain the privileges of the SQL Server. This can be exploited by specifying the UNC name of a named pipe instead of a file as an argument to the "xp_fileexist" extended stored procedure.
The article continues at http://www.secunia.com/advisories/9229/