• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities

A vulnerability has been reported in multiple extended stored procedures (XPs) provided with SQL Server. XPs are DLL files that perform high level functions in SQL Server.

If an extremely large parameter is passed to a vulnerble stored procedure, a buffer overflow condition will occur. Depending on the data supplied, this may cause a denial of service condition, or result in the execution of arbitrary code as the SQL Server process.