Description
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Products
- Microsoft data_engine 1.0
- Microsoft data_engine 2000
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 (Initial Release)
- Microsoft SQLServer 2000 Service Pack 1
- Microsoft SQLServer 2000 Service Pack 2
- Microsoft SQLServer 2000 Service Pack 3
- Microsoft SQLServer 2000 Service Pack 3a
- Microsoft SQL Server 2000 Service Pack 4
- Microsoft SQL Server 2000 Service Pack 4 Analysis Services
- Microsoft SQLServer 7.0
- Microsoft SQL Server 7.0
- Microsoft Microsoft SQLServer 7.0 (alpha)
- Microsoft SQL Server 7.0 Service Pack 1
- Microsoft SQL Server 7.0 Service Pack 1 Alpha
- Microsoft SQL Server 7.0 Service Pack 2
- Microsoft SQL Server 7.0 Service Pack 2 Alpha
- Microsoft SQL Server 7.0 Service Pack 3
- Microsoft SQLServer 7.0 Service Pack 3 (alpha)
- Microsoft SQL Server 7.0 Service Pack 4
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-1081, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-1081 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References