Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability

Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in SQL Server 2000. The vunerability is a result of an unchecked buffer when using the bulk insert procedure. This procedure is used by administrators to import data into a database table or view directly from data files with a custom format.

The overrun condition is due to an unbounded data copy operation that occurs when processing the procedure arguments. Attackers may exploit this vulnerability by invoking a bulk input procedure with maliciously constructed arguments.