• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability

Microsoft SQL Server does not perform proper bounds checking of the provider arguments to the OpenDataSource and OpenRowset functions. As a result, it is possible to cause a buffer overflow condition to occur by providing an excessively long string as a provider name in a query.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the database.

There is a possibility that this issue may be exploited remotely, either via a distributed SQL queries or potentially via a SQL injection attack.