Microsoft KB Archive/323264

= FIX: Unchecked Buffer in OpenRowset with SQL Server Driver (MDAC 2.5) =

PSS ID Number: 323264

Article Last Modified on 10/16/2002

-

The information in this article applies to:


 * Microsoft Data Access Components 2.5

-



This article was previously published under Q323264



SYMPTOMS
Microsoft Data Access Components (MDAC) provides several supporting technologies for accessing and for using databases. Among these functions is the underlying support for the Transact-SQL OpenRowset command. This causes a security vulnerability because the MDAC functions that underlie OpenRowset contain an unchecked buffer.

An attacker who submits a database query that contains a specially malformed parameter in a call to OpenRowset could overrun the buffer, either to cause the server that is running Microsoft SQL Server to fail or to cause the SQL Server service to take actions that the attacker dictates.



RESOLUTION
To resolve this problem, obtain the update that is referenced in the following Microsoft Knowledge Base article:

326573 MS02-040: Unchecked Buffer in OpenRowset Updates



STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.

Additional query words: security_patch T-SQL

Keywords: kbbug kbQFE KbSECBulletin KbSECHack kbSecurity KbSECVulnerability KB323264

Technology: kbAudDeveloper kbMDAC250 kbMDACSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2003 Microsoft Corporation. All rights reserved.