The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the Extended Stored Procedure Parameter Parsing vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Data_engine | Microsoft | 1.0 (including) | 1.0 (including) |
| Data_engine | Microsoft | 2000 (including) | 2000 (including) |
| Sql_server | Microsoft | 7.0 (including) | 7.0 (including) |
| Sql_server | Microsoft | 2000 (including) | 2000 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2
- http://www.securityfocus.com/bid/2043
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092
- http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2
- http://www.securityfocus.com/bid/2043
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092