MS02-007: SQL Server 7.0, SQL Server 2000

Thanks to Andrew Hodes for sending this in. An unchecked buffer exists in the handling of OLE DB provider names in ad hoc connections. A buffer overrun could occur as a result and could be used to either cause the SQL Server service to fail, or to cause code to run in the security context of the SQL Server. SQL Server can be configured to run in various security contexts, and by default runs as a domain user. The precise privileges the attacker could gain would depend on the specific security context that the service runs in.

An attacker could exploit this vulnerability in one of two ways. They could attempt to load and execute a database query that calls one of the affected functions. Conversely, if a web-site or other database front-end were configured to access and process arbitrary queries, it could be possible for an attacker to provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters.

Affected Software:

  • Microsoft SQL Server 7.0
  • Microsoft SQL Server 2000
Impact of vulnerability: Run code of attacker"s choice on server

Maximum Severity Rating: Moderate

View: Microsoft Security Bulletin MS02-007 - SQL Server Remote Data Source Function Contain Unchecked Buffers

Report a problem with article
Next Article

Update to Mac OS X released

Previous Article

StyleBuilder 1.0 out!