Microsoft SQL Server xp_dirtree Buffer Overflow Vulnerability
by Nikola Strahija on March 7th, 2002

A vulnerability has been reported in the xp_dirtree extended stored procedure shipped with SQL Server. Extended stored procedures (XPs) are functions exported from DLLs that SQL Server loads into its own process to perform higher-level tasks. When called, they use the Open Data Services function srv_paraminfo() to retrieve and parse their input parameters.
If an extremely large parameter is passed to xp_dirtree, a buffer overflow occurs. Depending on the data supplied, this may cause a denial of service (the server process crashes) or allow execution of arbitrary code with the privileges of the SQL Server process.
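The pattern behind this class of XP overflow, as an added example that is not SQL Server or xp_dirtree source code: an extended procedure fetches a parameter into a fixed-size stack buffer without first checking how long the parameter is. Everything here is a simulation: srv_paraminfo_sim stands in for the ODS call (it follows the real call's contract of copying the whole parameter into a caller-supplied buffer whose size it never sees), and xp_param, xp_copy_path_unchecked, xp_copy_path_checked, checked_copy_of and unchecked_copy_of are hypothetical names. The constructed parameters are filler bytes, not captured input.

```c
/* Added example, not SQL Server or xp_dirtree code: a simulated ODS-style
 * parameter fetch, the unchecked pattern the advisory describes, and a
 * length-checked alternative. All names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulated XP input parameter as the server hands it to the DLL. */
struct xp_param {
    const unsigned char *data;
    unsigned long        actual_len;
};

/* Mimics the ODS contract: report the actual length and, if pbData is not
 * NULL, copy the entire parameter into it. The callee does not know how
 * large pbData is, so sizing it correctly is entirely the caller's job. */
static void srv_paraminfo_sim(const struct xp_param *p,
                              unsigned long *pcbActualLen,
                              unsigned char *pbData)
{
    *pcbActualLen = p->actual_len;
    if (pbData != NULL)
        memcpy(pbData, p->data, p->actual_len);  /* no bound on destination */
}

#define PATH_BUF 256

/* Unchecked pattern: a fixed stack buffer is handed straight to the fetch.
 * Any parameter longer than PATH_BUF overwrites the stack beyond it.
 * Returns the number of bytes written; only call it with short input. */
int xp_copy_path_unchecked(const struct xp_param *p)
{
    unsigned char path[PATH_BUF];
    unsigned long len;
    srv_paraminfo_sim(p, &len, path);            /* overflow if len > PATH_BUF */
    return (int)len;
}

/* Checked pattern: ask for the length first (NULL data pointer), refuse
 * anything that does not fit with room for a terminator, then copy.
 * Returns the copied length, or -1 if the parameter was rejected. */
int xp_copy_path_checked(const struct xp_param *p)
{
    unsigned char path[PATH_BUF];
    unsigned long len;
    srv_paraminfo_sim(p, &len, NULL);
    if (len >= sizeof path)
        return -1;                               /* too long: reject, never copy */
    srv_paraminfo_sim(p, &len, path);
    path[len] = '\0';
    return (int)len;
}

/* Constructed input for the demonstration: n filler bytes of 'A'. */
static unsigned char filler[8192];
static struct xp_param make_param(unsigned long n)
{
    struct xp_param p;
    if (n > sizeof filler)
        n = sizeof filler;
    memset(filler, 'A', n);
    p.data = filler;
    p.actual_len = n;
    return p;
}

/* Convenience wrappers: run each handler on an n-byte constructed parameter. */
int checked_copy_of(unsigned long n)
{
    struct xp_param p = make_param(n);
    return xp_copy_path_checked(&p);
}

int unchecked_copy_of(unsigned long n)
{
    struct xp_param p = make_param(n);
    return xp_copy_path_unchecked(&p);
}

int main(void)
{
    printf("checked, 20 bytes   : %d\n", checked_copy_of(20));
    printf("checked, 5000 bytes : %d\n", checked_copy_of(5000));
    printf("unchecked, 20 bytes : %d\n", unchecked_copy_of(20));
    /* unchecked_copy_of(5000) would smash the stack; deliberately not run. */
    return 0;
}
```

The fix is not to shrink the input but to query the length with a NULL data pointer before supplying any buffer, and to fail the call when the parameter does not fit. Note that the unchecked handler accepts exactly 256 bytes without complaint and only fails on the 257th; the checked one rejects anything at or above the buffer size so that a terminator always fits.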
This may be related to an older, known problem with unsafe use of srv_paraminfo() in other extended stored procedures, discussed in BID 2030, 2031, 2038, 2039, 2040, 2041, 2042, and 2043. That relationship has not been confirmed.
Remote: Yes
Exploit: No