PT-2008-5412 · Microsoft · Sql Server 2000+1
Beenu Arora +1 · Published 2008-09-16 · Updated 2018-10-11 · CVE-2008-4110
CVSS v2.0: 7.6 (High)
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft SQL Server 2000 (aka SQL Server 8.0)
Description
A buffer overflow issue exists in the SQLVDIRLib.SQLVDirControl ActiveX control, which can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code. This is achieved by providing a long URL in the second argument to the Connect method. However, in many environments, this issue may not be considered a vulnerability due to the control not being marked as safe for scripting and default Internet Explorer settings preventing its execution.
Recommendations
For Microsoft SQL Server 2000, consider restricting access to the SQLVDIRLib.SQLVDirControl ActiveX control to minimize the risk of exploitation. As a temporary workaround, avoid using the Connect method with long URLs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Sql Server 2000