David Litchfield of NGS Software discovered vulnerabilities in SQL Server and Microsoft Desktop Engine (MSDE) that could result in an unprivileged user gaining control of the database. These vulnerabilities stem from weak default permissions on certain extended
stored procedures that let unprivileged users run these stored procedures with Administrator privileges. Microsoft has released
Security Bulletin MS02-043 (Cumulative Patch for SQL Server) to
address this vulnerability and recommends that affected users download
and apply the patch mentioned in the security bulletin http://www.secadministrator.com/articles/index.cfm?articleid=26292 .