Version: 2008
advertisement
Click Here

Microsoft Security Bulletin MS02-043 Q316333

  • Quick specs
  • Price: Update
  • Operating system:
  • Date added: August 15, 2002
  • Total Downloads: 15
  • Downloads last week: 2
  • See full specifications
Add to my list Add to my Watch List
Download Now (114.26K)
Tested spyware free

Publisher's description

From Microsoft :

This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0 and SQL Server 2000. In addition, it eliminates a newly discovered vulnerability.

SQL Server 7.0 and SQL Server 2000 provide for extended stored procedures, which are external routines written in programming languages such as C or C#. These procedures appear as normal stored procedures to users and can be invoked and executed just like normal stored procedures. By default, SQL Server 7.0 and SQL Server 2000 ship with a number of extended stored procedures which are used for various helper functions.

Some of the Microsoft-provided extended stored procedures that have the ability to reconnect to the database as the SQL Server service account have a flaw in common ? namely, they have weak permissions that can allow non-privileged users to execute them. Because these extended stored procedures can be made to run with administrator privileges on the database, it is thus possible for a non-privileged user to run stored procedures on the database with administrator privileges.

An attacker could exploit this vulnerability in one of two ways. The attacker could attempt to load and execute a database query that calls one of the affected extended store procedures. Alternately, if a web-site or other database front-end were configured to access and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters.

Download the patch for SQL Server 7.0. Click on the Alternate Download link for 2000.

Upgrade your Apps
Design, build, debug and tune for multicore
Download Now

More popular Database Software downloads

  1. 4,901 downloads 1. Navicat Lite
  2. 3,215 downloads 2. Navicat Premium
  3. 794 downloads 3. Crystal Reports
  4. 731 downloads 4. Crystal Reports Server
  5. 724 downloads 5. Navicat (MySQL GUI)
  6. See all Database Software downloads
Able2Extract PDF Converter
Convert PDF files to Word and Excel documents.
Download Now

User reviews

Write your own review Be the first one to review Microsoft Security Bulletin MS02-043 Q316333 and share your experience with the CNET community!

Submit your review

Log in or create an account to submit your review for:

Microsoft Security Bulletin MS02-043 Q316333

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft SQL Server,
Microsoft SQL Server 2000,
Microsoft SQL Server 7.0,
attacker,
procedure

Get free trials and software from our premier partners

advertisement
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET API
About CNET