Multiple vulnerabilities have been discovered in Microsoft SQL Server 2000. The vulnerabilities let an attacker run arbitrary code on the SQL Server system in the context of a local administrator. Several extended stored procedures exist within SQL Server 2000 that are vulnerable to buffer overflow attacks.
The following extended stored procedures were found to be vulnerable: xp_peekqueue (xpqueue.dll) and xp_printstatements (xprepl.dll).
The following query returns a directory tree of C:\WinNT:
exec xp_dirtree 'C:\winnt'
If a malicious user passes extremely long strings in place of the various parameters, a buffer overflow will occur.
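A defender's view of the condition described above, as an added example that is not part of the original advisory: a Python check that flags T-SQL batches (for example, text collected from a server-side trace) that call one of the procedures named on this page together with an unusually long string. The 260-character threshold, the function name and the sample batches are assumptions constructed for illustration.

```python
import re

# Procedures named on this page (xp_dirtree appears only in its sample query).
WATCHED = ("xp_peekqueue", "xp_printstatements", "xp_dirtree")
MAX_ARG_LEN = 260  # assumed threshold, not from the advisory

# EXEC or EXECUTE, optional db/owner qualifiers (master..xp_x, master.dbo.xp_x).
CALL_RE = re.compile(
    r"\bexec(?:ute)?\s+(?:[\w\[\]]*\.){0,3}\[?(" + "|".join(WATCHED) + r")\]?(?!\w)",
    re.IGNORECASE)
# T-SQL string literal: optional N prefix, '' is an escaped single quote.
STR_RE = re.compile(r"N?'((?:[^']|'')*)'", re.IGNORECASE)
# REPLICATE('A', 5000) builds the long value on the server side.
REPL_RE = re.compile(r"\breplicate\s*\(\s*N?'((?:[^']|'')*)'\s*,\s*(\d+)\s*\)", re.IGNORECASE)


def audit_batch(sql):
    """Return [(procedure, longest_string_length)] if the batch looks suspicious."""
    procs = sorted({m.group(1).lower() for m in CALL_RE.finditer(sql)})
    if not procs:
        return []
    unescape = lambda s: s.replace("''", "'")
    longest = max((len(unescape(s)) for s in STR_RE.findall(sql)), default=0)
    for m in REPL_RE.finditer(sql):
        longest = max(longest, len(unescape(m.group(1))) * int(m.group(2)))
    return [(p, longest) for p in procs] if longest > MAX_ARG_LEN else []


# Constructed sample batches (not captured traffic).
SAMPLES = [
    r"exec xp_dirtree 'C:\winnt'",
    "EXEC master..xp_peekqueue '" + "A" * 5000 + "'",
    "declare @s varchar(8000) set @s = replicate('A', 4000) "
    "exec master.dbo.xp_printstatements @s",
    "select name from sysobjects where name = 'xp_peekqueue'",
]

if __name__ == "__main__":
    for batch in SAMPLES:
        print(batch[:60], "->", audit_batch(batch))
```

The check works per batch, so a long value assembled in a variable by means other than a literal or REPLICATE is not seen by it.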
Microsoft has issued a security bulletin, MS00-092, which is available at: