Phase:Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
ReferencesATSTAKE:A122001-1 | URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt | BUGTRAQ:Friday, December 21, 2001 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server | URL:http://marc.theaimsgroup.com/?l=bugt
Votes:Modified (Wednesday, November 01, 2006)
Comments: ACCEPT(5) Baker, Cole, Frech, Green, Wall | NOOP(1) Foat
F7: