The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer. An attacker who successfully exploited it would be able to take action with all the privileges of an affected SQL Server. At a minimum, this would grant the attacker complete control over the database, and potentially could grant administrative privileges at the operating system level as well.
||Windows 95/98/NT, Microsoft Data Access Components 2.5 Service Pack 2