Microsoft · SQL Server 2000 · CVE-2008-4110
**Name of the Vulnerable Software and Affected Versions**
Microsoft SQL Server 2000 (aka SQL Server 8.0)
**Description**
A buffer overflow exists in the SQLVDIRLib.SQLVDirControl ActiveX control. A remote attacker can exploit it to cause a denial of service or possibly execute arbitrary code by supplying a long URL in the second argument to the `Connect` method. In many environments, however, this issue may not be considered a vulnerability, because the control is not marked as safe for scripting and default Internet Explorer settings prevent its execution.
**Recommendations**
For Microsoft SQL Server 2000, consider restricting access to the SQLVDIRLib.SQLVDirControl ActiveX control to minimize the risk of exploitation. As a temporary workaround, avoid using the `Connect` method with long URLs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
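
One way to check the conditions described above on a given host, as an added example that is not part of the original advisory or any vendor tooling: the PowerShell script below resolves the control's CLSID, reports whether it is registered as safe for scripting or initialization, and reports (or, with `-SetKillBit`, sets) the Internet Explorer kill bit. It assumes the control is registered under the ProgID this page names; the `-ProgId` and `-SetKillBit` parameters are names chosen for this example.

```powershell
# Added example (not vendor code): audit how Internet Explorer would treat an ActiveX control.
param(
    # Assumption: the control is registered under the name this page uses; pass another ProgID if not.
    [string]$ProgId = 'SQLVDIRLib.SQLVDirControl',
    [switch]$SetKillBit   # writing under HKLM requires an elevated session
)

$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit          = 0x400                                     # bit in "Compatibility Flags"

# Resolve ProgID -> CLSID from HKEY_CLASSES_ROOT (default value of the CLSID subkey).
$clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
if (-not (Test-Path $clsidKey)) {
    Write-Output "$ProgId is not registered on this host."
    return
}
$clsid = (Get-Item $clsidKey).GetValue('')

# Check both registry views: native, and 32-bit on 64-bit Windows.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $classKey = "Registry::HKEY_LOCAL_MACHINE\$view\Classes\CLSID\$clsid"
    if (-not (Test-Path $classKey)) { continue }   # control not registered in this view

    $compatKey = "Registry::HKEY_LOCAL_MACHINE\$view\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    if ($SetKillBit) {
        if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
        # Preserve any existing flags and OR in the kill bit.
        $current = [int](Get-Item $compatKey).GetValue('Compatibility Flags', 0)
        Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -Type DWord -Value ($current -bor $KillBit)
    }

    $flags = 0
    if (Test-Path $compatKey) {
        $flags = [int](Get-Item $compatKey).GetValue('Compatibility Flags', 0)
    }

    [pscustomobject]@{
        RegistryView     = $view
        Clsid            = $clsid
        SafeForScripting = Test-Path "$classKey\Implemented Categories\$SafeForScripting"
        SafeForInit      = Test-Path "$classKey\Implemented Categories\$SafeForInit"
        KillBitSet       = ($flags -band $KillBit) -ne 0
    }
}
```

A control can also declare itself safe at run time through `IObjectSafety`, which the registry does not show, so `False` in the category columns is not conclusive on its own.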