Phase:SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
ReferencesMS:MS02-038 | URL:http://www.microsoft.com/technet/security/bulletin/ms02-038.asp
Votes:Proposed (Friday, July 26, 2002)
Comments: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong | MODIFY(1) Frech | NOOP(2) Christey, Cox
F7: Christey> XF:mssql-replication-sql-injection(9660) | URL:http://www.iss.net/security_center/static/9660.php | BUGTRAQ:20020725 SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. | URL:http://online.securityfocus.com/archive/1/284382 | Mention that the function "sp_MScopyscript" is affected, along | with other functions. | Frech> XF:mssql-replication-sql-injection(9660)