Andreas Junstream

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 7.0 through 2000 MSDE (affected versions not specified) Description: The issue allows local users to gain privileges by hijacking a named pipe during the authentication of another user. This is related to the "Named Pipe Hijacking" vulnerability. Recommendations: For Microsoft SQL Server versions 7.0 through 2000, consider restricting access to named pipes to minimize the risk of exploitation. For MSDE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 7.0 through 2000 MSDE (affected versions not specified) Description: The issue allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. Recommendations: For Microsoft SQL Server versions 7.0 through 2000, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For MSDE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.