Unchecked Buffer in Microsoft SQL Server 2000 and 7.0
Reported February 20, 2002, by Microsoft.
VERSIONS AFFECTED
Microsoft SQL Server 2000
Microsoft SQL Server 7.0
DESCRIPTION
An unchecked buffer in the handling of OLE database provider names used in ad hoc connections exists in Microsoft SQL Server 2000 and 7.0. Depending upon the server’s configuration, the unchecked buffer can lead to a buffer overrun condition and remote compromise of the vulnerable server.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-007, which addresses this vulnerability, and recommends that affected users see Microsoft article "FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source" to immediately apply the appropriate patch.
CREDIT
Discovered by Cesar Cerrudo.