Arbitrary Code Execution Vulnerability in Microsoft SQL Server 7.0 and 2000

Arbitrary Code Execution Vulnerability in Microsoft SQL Server 7.0 and 2000

CVE-2001-0542 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.