Buffer Overflow Vulnerability in SQL Server and MSDE by Microsoft
CVE-2000-1084

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 9 January 2001

What is CVE-2000-1084?

The vulnerability arises from the xp_updatecolvbm function in SQL Server and MSDE failing to adequately restrict buffer length during the srv_paraminfo function call. This design flaw enables attackers to exploit the system, leading to potential denial of service or unauthorized execution of arbitrary commands through Extended Stored Procedures. The affected systems are put at risk, necessitating urgent patching and mitigation strategies to safeguard against exploitation.

References

http://marc.info/?l=bugtraq&m=97570878710037&w=2

vendor-advisoryx_refsource_ATSTAKE

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/2039

vdb-entryx_refsource_BID

EPSS Score

43% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2001
Vulnerability Reserved
Dec 1, 2000