Unchecked Buffer in Microsoft SQL Server 2000 and 7.0

An unchecked buffer in the handling of OLE database provider names.

Ken Pfeil

February 20, 2002


Reported February 20, 2002, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0

 

DESCRIPTION
An unchecked buffer in the handling of OLE database provider names used in ad hoc connections exists in Microsoft SQL Server 2000 and 7.0. Depending upon the server’s configuration, the unchecked buffer can lead to a buffer overrun condition and remote compromise of the vulnerable server.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-007, which addresses this vulnerability, and recommends that affected users see the Microsoft article "FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source" and immediately apply the appropriate patch.

 

CREDIT
Discovered by Cesar Cerrudo.
