Reported July 24, 2002, by Microsoft.
Microsoft SQL Server 2000
Microsoft Desktop Engine (MSDE) 2000
Two vulnerabilities exist in Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000. These vulnerabilities are:
A buffer overrun vulnerability in several Database Consistency Checkers (DBCCs) that ship as part of SQL Server 2000. Because the db_owner and db_ddladmin roles can execute some of these DBCCs, an attacker could run code in the context of the SQL Server service.
A SQL injection vulnerability in two stored procedures used in database replication. One of these procedures can be run only by a user who has been assigned to the db_owner role; the other requires an interactive logon. Attackers cannot exploit this vulnerability if the SQL Server Agent Proxy account is disabled (SQL Server ships with this account disabled by default).
The vendor, Microsoft, has released Security Bulletin MS02-038 (Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the security bulletin.
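To gauge exposure to the DBCC buffer overrun, the following T-SQL lists every member of the db_owner and db_ddladmin roles in each online database. It is an added example, not part of Microsoft's bulletin; the temporary table and cursor names are illustrative, and it assumes the caller is a sysadmin on a SQL Server 2000 instance.

```sql
-- Added example: enumerate db_owner and db_ddladmin members per database.
-- Temp table and cursor names are illustrative (not from the bulletin).
SET NOCOUNT ON

CREATE TABLE #members (          -- shape of sp_helprolemember's result set
    DbRole     sysname,
    MemberName sysname,
    MemberSID  varbinary(85)
)
CREATE TABLE #exposure (
    DatabaseName sysname,
    DbRole       sysname,
    MemberName   sysname
)

DECLARE @db sysname, @role sysname, @sql nvarchar(1000)

-- One row per (online database, role of interest).
DECLARE db_roles CURSOR LOCAL FAST_FORWARD FOR
    SELECT d.name, r.role_name
    FROM master.dbo.sysdatabases d
    CROSS JOIN (SELECT N'db_owner' AS role_name
                UNION ALL SELECT N'db_ddladmin') r
    WHERE DATABASEPROPERTYEX(d.name, 'Status') = 'ONLINE'

OPEN db_roles
FETCH NEXT FROM db_roles INTO @db, @role
WHILE @@FETCH_STATUS = 0
BEGIN
    -- A system procedure called with a database prefix runs in that database.
    SET @sql = N'EXEC ' + QUOTENAME(@db) + N'.dbo.sp_helprolemember '
             + QUOTENAME(@role, '''')
    DELETE FROM #members
    INSERT INTO #members EXEC (@sql)
    INSERT INTO #exposure (DatabaseName, DbRole, MemberName)
        SELECT @db, DbRole, MemberName FROM #members
    FETCH NEXT FROM db_roles INTO @db, @role
END
CLOSE db_roles
DEALLOCATE db_roles

-- dbo is always a db_owner member; review every other principal listed.
SELECT DatabaseName, DbRole, MemberName
FROM #exposure
WHERE MemberName <> N'dbo'
ORDER BY DatabaseName, DbRole, MemberName

DROP TABLE #members
DROP TABLE #exposure
```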
Discovered by Cesar Cerrudo.