Overview:
This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0 and SQL Server 2000. In addition, it eliminates a newly discovered vulnerability.

SQL Server 7.0 and SQL Server 2000 provide for extended stored procedures, which are external routines written in programming languages such as C or C#. These procedures appear as normal stored procedures to users and can be invoked and executed just like normal stored procedures. By default, SQL Server 7.0 and SQL Server 2000 ship with a number of extended stored procedures, which are used for various helper functions.

Some of the Microsoft-provided extended stored procedures that have the ability to reconnect to the database as the SQL Server service account have a flaw in common: they have weak permissions that can allow non-privileged users to execute them. Because these extended stored procedures can be made to run with administrator privileges on the database, it is possible for a non-privileged user to run stored procedures on the database with administrator privileges.

An attacker could exploit this vulnerability in one of two ways. The attacker could attempt to load and execute a database query that calls one of the affected extended stored procedures. Alternatively, if a web site or other database front end were configured to access and process arbitrary queries, the attacker could provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters.

Download the patch for SQL Server 7.0. Click on the Alternate Download link for 2000.
| Format: | Software |
| Size: | 114 KB |
| Date: | Aug 2002 |
| Version: | Q316333 |
| License: | Update |
| Platform: | Windows |
| System Req: | Microsoft SQL Server 7.0; Microsoft Desktop Engine (MSDE) 1.0; Microsoft SQL Server 2000; Microsoft Desktop Engine (MSDE) 2000 |