PT-2002-1148 · Microsoft · Sql Server
Published
2002-02-21
·
Updated
2018-10-12
·
CVE-2002-0056
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SQL Server versions 7.0 through 2000
Description
The issue allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
Recommendations
For SQL Server versions 7.0 through 2000, consider restricting access to the OpenDataSource and OpenRowset functions in ad hoc connections to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sql Server