Description
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
Affected products
- Microsoft / msde2000 – 2000
- Microsoft / sql_server2000 – 2000
References
- VENDOR_ADVISORYhttp://www.ngssoftware.com/advisories/ms-sqlbi.txt
- MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
- MISChttp://www.kb.cert.org/vuls/id/682620
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316
- MAILING_LISThttp://marc.info/?l=bugtraq&m=102639885223746&w=2
- MISChttp://www.securityfocus.com/bid/4847
Updated 25m ago · 2 sources