VULHUB ™

An unchecked buffer within a parameter (lpctstrDbName) of the 'NewSPID' method, could be exploited by submitting 128 characters or more in the 'DbName'. The end result could lead to a buffer overflow condition possibly leading to the execution of arbitrary code.

An unchecked buffer within a parameter (lpctstrDbName) of the 'NewSPID' method, could be exploited by submitting 128 characters or more in the 'DbName'. The end result could lead to a buffer overflow condition possibly leading to the execution of arbitrary code.