Reported June 12, 2002, by Microsoft.

VERSION AFFECTED

 

·         Microsoft SQLXML, which ships as part of SQL Server 2000 and available as a stand-alone download

 

DESCRIPTION

Two vulnerabilities exist in SQLXML. The first problem is a buffer overrun that lets an attacker execute arbitrary code on the affected system, and the other problem is in a function specifying an XML tag that lets an attacker run script on the user’s computer in a higher-privilege zone, such as “Intranet” instead of “Internet.”

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-030 (Unchecked Buffer in SQLXML could lead to Code Execution) to address this vulnerability, and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.

 

CREDIT
Discovered by Matt Moore of Westpoint.