Multiple Vulnerabilities in SQLXML for SQL Server 2000


Matt Moore has discovered two vulnerabilities in XML for SQL Server 2000 (SQLXML). The first is a buffer overrun that lets an attacker execute arbitrary code on the affected system. The second is in a function specifying an XML tag and lets an attacker run scripts on the user's computer in a higher privilege zone, such as "Intranet" instead of "Internet." Microsoft has released Security Bulletin MS02-030 (Unchecked Buffer in SQLXML Could Lead to Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. For more information, see .
