Buffer Overflow Vulnerability in Microsoft SQL Server and MSDE
CVE-2000-1082
Currently unrated
Summary
The vulnerability exists in the xp_enumresultset function in Microsoft SQL Server and the Microsoft SQL Server Desktop Engine (MSDE). The function fails to properly manage the buffer length before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures. Exploiting this flaw allows attackers to adversely affect system availability or execute unauthorized commands, posing a significant threat to applications that rely on the server.
EPSS Score
43% chance of being exploited in the next 30 days.