| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Security Bulletin MS02-061: Elevation of Privilege in SQL Server Web Tasks | |
|
||
| Time: 00:12 EST/05:12 GMT | News Source: Microsoft TechNet Security | Posted By: Matthew Sabean | ||
|
SQL Server 7.0 and 2000 provide stored procedures which is a coll- ection of Transact-SQL statements stored under a name and processed as a group. One stored procedure, an extended stored procedure and weak permissions on a table combine to allow a low privileged user the ability to run, delete, insert or update web tasks. An attacker who is able to authenticate to a SQL server could delete, insert or update all the web tasks created by other users. In addition, the attacker could run already created web tasks in the context of the creator of the web task. This typically runs in the context of the SQL Server Agent service account. Patch availability: -Microsoft SQL Server 7.0: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech -Microsoft SQL Server 2000: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 307 Last | Next |
The time now is
1:29:03 PM
ET.
Any comment problems? E-mail us |
| #1 By 1845 (12.254.162.111) at 10/17/2002 3:01:56 AM |
| "coll- ection" Not to be too picky, but this probably could have been spelled "collection" with that dash. |
| #2 By 2459 (24.233.39.98) at 10/17/2002 5:57:33 AM |
| It was probably truncated in the original document, and stayed that way when transferred to the web. That US News article about the "switchers" I posted was like this in a couple of places. MS Word can be set to dash words that won't fit on the same line instead of spacing the word to the next line. This (or similar) might be what occured here (and in the US News article). |
| #3 By 1845 (12.254.162.111) at 10/17/2002 3:58:54 PM |
| I kind of figured that. Since the same situation does exist here, though, the dash isn't required and looks rather out of place. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 307 Last | Next |
The time now is
1:29:03 PM
ET.
Any comment problems? E-mail us |
