Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft sql server 2000 |
||
microsoft sql server 7.0 |