Buffer Overflow Vulnerability in Microsoft SQL Server 2000 and MSDE
CVE-2000-1085

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
9 January 2001

Summary

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) is susceptible to a buffer overflow due to improper restriction on buffer length. This vulnerability occurs during the processing of parameters passed to the srv_paraminfo function, which is part of the SQL Server API for Extended Stored Procedures (XP). An attacker can exploit this weakness to cause a denial of service or execute arbitrary commands on the affected system, thereby compromising the integrity and availability of the database service.

References

http://www.securityfocus.com/bid/2040
vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=97570884410184&w=2
vendor-advisoryx_refsource_ATSTAKE
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2000-1085 : Buffer Overflow Vulnerability in Microsoft SQL Server 2000 and MSDE | SecurityVulnerability.io