Arbitrary Code Execution Vulnerability in Microsoft SQL Server 7.0 and 2000
CVE-2001-0542 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.