Cesar Cerrudo discovered two vulnerabilities in Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000. The vulnerabilities are related to a buffer overrun and SQL injection. Microsoft released Security Bulletin MS02-038 (Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.

http://www.secadministrator.com/articles/index.cfm?articleid=26074