Multiple Vulnerabilities in Microsoft SQL Server 2000 and 7.0 - 10 Jan 2002

Multiple vulnerabilities exist in Microsoft SQL Server 2000 and 7.0.

Bob Pfeiff

January 9, 2002


Multiple vulnerabilities exist in Microsoft SQL Server 2000 and 7.0. The first vulnerability results from several functions that let the SQL database generate text messages. Because these functions do not adequately verify that the text fits into the allocated buffer space, SQL Server can suffer a buffer overrun that occurs in the service's security context. The second vulnerability results from a format string error in the C runtime functions that SQL Server calls when you install the software on Windows XP, Windows 2000, and Windows NT 4.0 systems. An attacker can use this vulnerability to cause a Denial of Service (DoS) condition. Users can learn details about these vulnerabilities on the discoverer's Web site. Microsoft has released Security Bulletin MS01-060 to address these vulnerabilities and recommends that affected users immediately apply the patches provided with the bulletin. Microsoft cautions users about the risk of applying the C runtime patch: if a regression error were to result from applying the patch, the results might be widespread and damaging.
