Version: 2008
advertisement
Click Here

Microsoft SQL Server 2000 Remote Data Source Function Contains Unchecked Buffers Q316333

  • Quick specs
  • Price: Update
  • Operating system: Windows 98/2000/XP
  • Date added: February 21, 2002
  • Total Downloads: 85
  • Downloads last week: 4
  • See full specifications
Add to my list Add to my Watch List
Download Now (7.82MB)
Tested spyware free

Publisher's description

From Microsoft :

One of the features of Structured Query Language (SQL) in SQL Server 7.0 and 2000 is the ability to connect to remote data sources. One capability of this feature is the ability to use ?ad hoc? connections to connect to remote data sources without setting up a linked server for less-often used data-sources. This is made possible through the use of OLE DB providers, which are low-level data source providers. This capability is made possible by invoking the OLE DB provider directly by name in a query to connect to the remote data source.

An unchecked buffer exists in the handling of OLE DB provider names in ad hoc connections. A buffer overrun could occur as a result and could be used to either cause the SQL Server service to fail, or to cause code to run in the security context of the SQL Server. SQL Server can be configured to run in various security contexts, and by default runs as a domain user. The precise privileges the attacker could gain would depend on the specific security context that the service runs in.

An attacker could exploit this vulnerability in one of two ways. They could attempt to load and execute a database query that calls one of the affected functions. Conversely, if a web-site or other database front-end were configured to access and process arbitrary queries, it could be possible for an attacker to provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters.

New Visual Studio plug-in: Intel Parallel Studio finds memory leaks fast

More popular Database Software downloads

  1. 4,901 downloads 1. Navicat Lite
  2. 3,215 downloads 2. Navicat Premium
  3. 794 downloads 3. Crystal Reports
  4. 731 downloads 4. Crystal Reports Server
  5. 724 downloads 5. Navicat (MySQL GUI)
  6. See all Database Software downloads
Convert PDF files to Word and Excel documents.

User reviews

Write your own review Be the first one to review Microsoft SQL Server 2000 Remote Data Source Function Contains Unchecked Buffers Q316333 and share your experience with the CNET community!

Submit your review

Log in or create an account to submit your review for:

Microsoft SQL Server 2000 Remote Data Source Function Contains Unchecked Buffers Q316333

ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft SQL Server,
attacker,
data source,
query,
server

Get free trials and software from our premier partners

advertisement