CVE-2002-0641

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000 Microsoft SQL Server Desktop Engine (MSDE) 2000

Description A buffer overflow issue exists in the bulk insert procedure, allowing attackers with database administration privileges to execute arbitrary code. This can be achieved by using a long filename in the BULK INSERT query.

Recommendations For Microsoft SQL Server 2000, consider restricting database administration privileges to minimize the risk of exploitation. For Microsoft SQL Server Desktop Engine (MSDE) 2000, avoid using long filenames in the BULK INSERT query until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.