• A buffer overrun in a section of code in SQL Server 2000 (and MSDE 2000) associated with user authentication. By sending a specially malformed login request to an affected server, an attacker could either cause the server to fail or gain the ability to overwrite memory on the server, thereby potentially running code on the server in the security context of the SQL Server service. It would not be necessary for the user to successfully authenticate to the server or to be able to issue direct commands to it in order to exploit the vulnerability.
• A buffer overrun vulnerability that occurs in one of the Database Console Commands (DBCCs) that ship as part of SQL Server 7.0 and 2000. In the most serious case, exploiting this vulnerability would enable an attacker to run code in the context of the SQL Server service, thereby giving the attacker complete control over all databases on the server.
• A vulnerability associated with scheduled jobs in SQL Server 7.0 and 2000. SQL Server allows unprivileged users to create scheduled jobs that will be executed by the SQL Server Agent. By design, the SQL Server Agent should only perform job steps that are appropriate for the requesting user’s privileges. However, when a job step requests that an output file be created, the SQL Server Agent does so using its own privileges rather than the job owners privileges. This creates a situation in which an unprivileged user could submit a job that would create a file containing valid operating system commands in another user’s Startup folder, or simply overwrite system files in order to disrupt system operation

Download locations for this patch

• Microsoft SQL Server 7.0:
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech
• Microsoft SQL Server 2000:
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech