Article ID: 321460 - View products that this article applies to.
This article was previously published under Q321460
Microsoft has released a patch that corrects the following two vulnerabilities in SQLXML.
The first vulnerability is an elevation of privilege vulnerability. An attacker who is able to successfully exploit this vulnerability can cause scripts to run on another user's system in the Microsoft Internet Explorer Security Zone associated with the Microsoft Internet Information Services (IIS) server that is running SQLXML HTTP components. This vulnerability is subject to a number of significant mitigating factors:
The first vulnerability results because one of the parameters that can be included in an XML SQL query, known as Root, is not correctly validated. If a script is included in the Root parameter as part of a SQL query, that script is included in the reply from the server. If rendered in a browser, the script runs in the Internet Explorer Security Zone that is associated with the IIS server that is running SQLXML HTTP components.
The second vulnerability results because the SQLXML ISAPI extension contains an unchecked buffer in a section that handles data queries over HTTP.
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/290211/EN-US/ )INF: How To Obtain the Latest SQL Server 2000 Service Pack
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.
This problem was first corrected in Microsoft SQL Server 2000 Service Pack 3.
For more information about this vulnerability, visit the following Microsoft Web site: