Buffer Overflow Vulnerability in SQL Server and MSDE by Microsoft
CVE-2000-1084

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
9 January 2001

Summary

The vulnerability arises from the xp_updatecolvbm function in SQL Server and MSDE failing to adequately restrict buffer length during the srv_paraminfo function call. This design flaw enables attackers to exploit the system, leading to potential denial of service or unauthorized execution of arbitrary commands through Extended Stored Procedures. The affected systems are put at risk, necessitating urgent patching and mitigation strategies to safeguard against exploitation.

References

http://marc.info/?l=bugtraq&m=97570878710037&w=2
vendor-advisoryx_refsource_ATSTAKE
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/2039
vdb-entryx_refsource_BID

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2000-1084 : Buffer Overflow Vulnerability in SQL Server and MSDE by Microsoft | SecurityVulnerability.io