Microsoft: >> Data Engine >> 1.0 Security Vulnerabilities
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVSS Score
4.6
EPSS Score
0.257
Published
2001-01-09
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVSS Score
7.5
EPSS Score
0.126
Published
2000-03-08
Page 3