FIX: SQL Extended Procedure Functions Contain Unchecked Buffers

Structured Query Language (SQL) in SQL Server 7.0 and SQL Server 2000 has a number of extended procedure calls that are used for various helper functions. An unchecked buffer exists in several of these extended procedure calls. A buffer overrun can occur as a result and can be used to either cause the SQL Server service to fail, or to cause code to run in the security context of the SQL Server.

SQL Server 2000

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

SQL Server 7.0

The update for this problem is included in the April 17, 2002 SQL Server 7.0 cumulative security patch. For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 2000.
This problem was first corrected in Microsoft SQL Server 2000 Service Pack 3.

SQL Server 7.0

Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft SQL Server 7.0.
The update for this problem is included in the April 17, 2002 SQL Server 7.0 cumulative security patch.

For more information about this vulnerability, visit the following Microsoft Web site: