Flaw: Unchecked buffer in SQL Server

Microsft has issued an alert relating to SQL Server 7.0 and 2000. Microsoft says: "The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker."

For more information and a patch, click here

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments