Microsoft KB Archive/319507

= FIX: SQL Extended Procedure Functions Contain Unchecked Buffers =

Article ID: 319507

Article Last Modified on 10/29/2007

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 7.0 Standard Edition

-



This article was previously published under Q319507





SYMPTOMS
Structured Query Language (SQL) in SQL Server 7.0 and SQL Server 2000 has a number of extended procedure calls that are used for various helper functions. An unchecked buffer exists in several of these extended procedure calls. A buffer overrun can occur as a result and can be used to either cause the SQL Server service to fail, or to cause code to run in the security context of the SQL Server.



SQL Server 2000
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 INF: How To Obtain the Latest SQL Server 2000 Service Pack

SQL Server 7.0
The update for this problem is included in the April 17, 2002 SQL Server 7.0 cumulative security patch. For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

318268 INF: SQL Server 7.0 Security Update for Service Pack 3



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 2000
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 2000.

This problem was first corrected in Microsoft SQL Server 2000 Service Pack 3.

SQL Server 7.0
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 7.0.

The update for this problem is included in the April 17, 2002 SQL Server 7.0 cumulative security patch.



MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-020.mspx

Additional query words: security_patch

Keywords: kbproductlink kbsqlserv2000sp3fix kbbug kbfix kbsecurity kbsqlserv2000presp3fix KB319507

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.