VULHUB ™

Microsoft Security Advisory MS02-007 - Microsoft SQL Server 7.0 and 2000 contains an exploitable buffer overflow in the handling of OLE DB provider names in ad hoc connections. An attacker could exploit this vulnerability in one of two ways. They could attempt to load and execute a database query that calls one of the affected functions. Conversely, if a web-site or other database front-end were configured to access and process arbitrary queries, it is possible for an attacker to provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters. Microsoft FAQ on this issue available here.

Microsoft Security Advisory MS02-007 - Microsoft SQL Server 7.0 and 2000 contains an exploitable buffer overflow in the handling of OLE DB provider names in ad hoc connections. An attacker could exploit this vulnerability in one of two ways. They could attempt to load and execute a database query that calls one of the affected functions. Conversely, if a web-site or other database front-end were configured to access and process arbitrary queries, it is possible for an attacker to provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters. Microsoft FAQ on this issue available here.