Mark Litchfield of Next Generation Security Software (NGSSoftware) discovered a vulnerability in SQL Server 2000 when used in conjunction with the Microsoft Jet 4.0 database engine that can lead to an attacker executing arbitrary code on the vulnerable system. This vulnerability stems from a remotely exploitable buffer overrun in the OpenDataSource function. Microsoft recommends that affected users apply the patch mentioned in the Microsoft article "ACC2002: Updated Version of Microsoft Jet 4.0 Available in Download Center." You can read more about this vulnerability and patch on the Security Administrator Web site.
Buffer Overrun Vulnerability in SQL Server 2000
0 comments
Hide comments