Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Data Access Components T-SQL OpenRowSet Buffer Overflow Vuln.

Microsoft Data Access Components T-SQL OpenRowSet Buffer Overflow Vuln.

by Nikola Strahija on August 3rd, 2002 Microsoft Data Access Components (MDAC) provide support for accessing databases, including Microsoft SQL Server, and are included with all versions of Microsoft Windows. A vulnerability has been reported in some versions of MDAC. A buffer overflow vulnerability exists in the T-SQL OpenRowSet command. An attacker able to call this function with an oversized parameter may exploit this issue to crash the SQL Server process, or possibly to execute arbitrary code as the server process. Exploitation may lead to local access, elevated privileges, or access to the database.


Although the vulnerable code is contained within MDAC, Microsoft has reported that this issue is only exploitable if SQL Server is installed on a vulnerable system.

Remote: Yes

Exploit: No


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »