Unchecked Buffer in Microsoft SQL Server 2000 and 7.0

Reported February 20, 2002, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0

 

DESCRIPTION
Microsoft SQL Server 2000 and 7.0 contain an unchecked buffer in the code that handles OLE database provider names used in ad hoc connections. Depending on the server's configuration, the unchecked buffer can lead to a buffer overrun and remote compromise of the vulnerable server.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-007, which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch, as described in the Microsoft article "FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source".

 

CREDIT
Discovered by Cesar Cerrudo.
