VULHUB ™

Microsoft SQL Server 7.0 and Data Engine (an SQL-compatible add-on for Access 2000 and Visual Studio 6.0) will accept SQL queries that can lead to compromise of the database or the underlying operating system. It is possible for any SQL-authenticated user to pass commands through SQL SELECT statements that will be run at the privilege level of the database owner or administrator.

Microsoft SQL Server 7.0 and Data Engine (an SQL-compatible add-on for Access 2000 and Visual Studio 6.0) will accept SQL queries that can lead to compromise of the database or the underlying operating system. It is possible for any SQL-authenticated user to pass commands through SQL SELECT statements that will be run at the privilege level of the database owner or administrator.