Vulnerabilities: Microsoft SQLXML

SQLXML enables the transfer of XML data to and from SQL Server 2000. Two vulnerabilities exist in SQLXML:

"1. An unchecked buffer vulnerability in an ISAPI extension that could,in the worst case, allow an attacker to run code of their choice on the Microsoft Internet Information Services (IIS) Server.

2. A vulnerability in a function specifying an XML tag that could allow an attacker to run script on the user's computer with higher privilege. For example, a script might be able to be run in the Intranet Zone instead of the Internet Zone."

More information can be found here

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments