Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sql_server | Microsoft | 7.0 (including) | 7.0 (including) |
Sql_server | Microsoft | 2000 (including) | 2000 (including) |