Title: Unchecked Buffer in MDAC Function Could Enable SQL
Server Compromise (Q326573)
Date: 31 July 2002
Software: Microsoft Data Access Components
Impact: Run code of attacker's choice
Max Risk: Moderate
Bulletin: MS02-040
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.
The Microsoft Data Access Components (MDAC) provide a number of
supporting technologies for
accessing and using databases. Included among these functions is the
underlying support for
the T-SQL OpenRowSet command. A security vulnerability results
because the MDAC functions
underlying OpenRowSet contain an unchecked buffer.
An attacker who submitted a database query containing a specially
malformed parameter within
a call to OpenRowSet could overrun the buffer, either for the purpose
of causing the SQL
Server to fail or causing the SQL Server service to take actions
dictated by the attacker.
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED,
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER
INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION
OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.