SQL Server May Pass Privileged Commands
Reported March 6, 2000 by Sven Hammesfahr
According to Microsoft"s bulletin on this matter, SQL Server 7.0 and MSDE 1.0 perform incomplete argument validation on certain classes of remotely submitted SQL statements. Because of this problem, a user may be able to pass privileged commands that could become executed by SQL Server or the operating system itself.
No information was available regarding what classes
of commands were at issue in this matter.