Skip navigation
Menu
Security

SQL Server May Pass Privileged Commands

 
SQL Server May Pass Privileged Commands
Reported March 6, 2000 by Sven Hammesfahr
VERSIONS AFFECTED
  • Microsoft SQL Server 7.0
  • Microsoft Data Engine (MSDE) 1.0

    • DESCRIPTION

    According to Microsoft"s bulletin on this matter, SQL Server 7.0 and MSDE 1.0 perform incomplete argument validation on certain classes of remotely submitted SQL statements. Because of this problem, a user may be able to pass privileged commands that could become executed by SQL Server or the operating system itself.

    No information was available regarding what classes of commands were at issue in this matter.

    VENDOR RESPONSE

    Microsoft has issued a patch as well as a FAQ for the problem.

    CREDITS
    Discovered by Sven Hammesfahr
    Hide comments

    More information about text formats

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish
    Recommended Reading
    Businesswoman challenges concept and gender obstacles
    Women in Cybersecurity Face Barriers to Hiring, Advancement
    Apr 15, 2024
    person typing on keyboard with icons for certificates
    Top IT Certifications for a Career in Finance
    Apr 12, 2024
    employee working on a laptop with AI
    Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
    Mar 26, 2024
    cleaning products
    6 Essential Steps for Spring Cleaning Your Website
    Mar 21, 2024