Buffer Overrun Vulnerability in SQL Server 2000

Mark Litchfield of Next Generation Security Software (NGSSoftware) discovered a vulnerability in SQL Server 2000 when used in conjunction with the Microsoft Jet 4.0 database engine that can lead to an attacker executing arbitrary code on the vulnerable system. This vulnerability stems from a remotely exploitable buffer overrun in the OpenDataSource function. Microsoft recommends that affected users apply the patch mentioned in the Microsoft article "ACC2002: Updated  Version of Microsoft Jet 4.0 Available in Download Center." You can read more about this vulnerability and patch on the Security Administrator Web site.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.