Reported June 12, 2002, by Microsoft.



·         Microsoft SQLXML, which ships as part of SQL Server 2000 and available as a stand-alone download



Two vulnerabilities exist in SQLXML. The first problem is a buffer overrun that lets an attacker execute arbitrary code on the affected system, and the other problem is in a function specifying an XML tag that lets an attacker run script on the user’s computer in a higher-privilege zone, such as “Intranet” instead of “Internet.”


The vendor, Microsoft, has released Security Bulletin MS02-030 (Unchecked Buffer in SQLXML could lead to Code Execution) to address this vulnerability, and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.


Discovered by Matt Moore of Westpoint.