vendor: SQL Server
by: SecurityFocus
CVSS: 7.5 HIGH
Buffer Overrun Vulnerability
CWE: 120
Product Name: SQL Server
Affected Version From: Microsoft SQL Server 7.0
Affected Version To: Microsoft SQL Server 2000
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002
Microsoft SQL Server Jet Database Engine Buffer Overrun Vulnerability
Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and is due to insufficient bounds checking of parameters of heterogeneous or ad hoc query methods.
Mitigation:
Ensure that all user-supplied input is validated before being used in a query.