Article ID: 317979 - View products that this article applies to.
This article was previously published under Q317979
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.
BUG #: 102359 (SQLBUG_70)
BUG #: 356666 (SHILOH_BUGS)
When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.
SQL Server 2000To resolve this problem in SQL Server 2000, use these steps:
SQL Server 7.0To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.
(http://support.microsoft.com/kb/301511/EN-US/ )INF: How to Obtain the Latest SQL Server 7.0 Service Pack
Hotfix: To resolve this problem in SQL Server 7.0, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.