Skip navigation

Multiple Vulnerabilities Found in SQL Server

Andreas Junstream of @Stake discovered that three new vulnerabilities exist in SQL Server 2000 and 7.0 and Microsoft SQL Server 2000 Desktop Engine (MSDE) and MSDE 1.0, the most serious of which can result in the execution of arbitrary code on the vulnerable computer. These vulnerabilities include named pipe hijacking, named pipe Denial of Service (DoS), and a SQL Server buffer overrun. Microsoft has released Security Bulletin MS03-031, "Cumulative Patch for Microsoft SQL Server (815495)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.