Buffer Overflow Vulnerability in Microsoft SQL Server Extended Stored Procedures
CVE-2000-1083

Currently unrated

Key Information:

Vendor: Microsoft
CVE Published: 9 January 2001

Summary

A vulnerability exists in Microsoft SQL Server and Microsoft SQL Server Desktop Engine (MSDE) due to improper length restriction in the xp_showcolv function. This weakness allows an attacker to exploit the srv_paraminfo function used in the SQL Server API for Extended Stored Procedures, potentially leading to a denial of service or unauthorized command execution. The issue underscores the need to properly validate input parameters in order to safeguard database integrity.

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
