Andreas Junestam of @Stake discovered three new vulnerabilities in Microsoft SQL Server 2000 and 7.0, Microsoft SQL Server 2000 Desktop Engine (MSDE), and MSDE 1.0, the most serious of which can result in the execution of arbitrary code on the vulnerable computer. The vulnerabilities are named pipe hijacking, a named pipe Denial of Service (DoS), and a SQL Server buffer overrun. Microsoft has released Security Bulletin MS03-031, "Cumulative Patch for Microsoft SQL Server (815495)," to address these vulnerabilities and recommends that affected users apply the appropriate patch mentioned in the bulletin.

   http://www.secadministrator.com/articles/index.cfm?articleid=39667