Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2000-1088
Last Modified: 05 Sep 2008 04:22:37
Published: 09 Jan 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2000-1088

Summary

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Vulnerable Systems

Application

  • Microsoft Data Engine 1.0

  • Microsoft Data Engine 2000

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0


References

BID - 2043

MS - MS00-092

ATSTAKE - 20001201 SQL Server 2000 Extended Stored Procedure Vulnerability


Last Updated: 27 May 2016 10:36:00