David Litchfield of NGS Software discovered vulnerabilities in SQL Server and Microsoft Desktop Engine (MSDE) that could result in an unprivileged user gaining control of the database. These vulnerabilities stem from weak default permissions on certain extended

stored procedures that let unprivileged users run these stored procedures with Administrator privileges. Microsoft has released

Security Bulletin MS02-043 (Cumulative Patch for SQL Server) to

address this vulnerability and recommends that affected users download

and apply the patch mentioned in the security bulletin   http://www.secadministrator.com/articles/index.cfm?articleid=26292 .