PROBLEM: A security vulnerability has been identified in Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. PLATFORM: All platforms running SQL Server 7.0 and MSDE 1.0. DAMAGE: The remote author of a malicious SQL query may take unauthorized actions on a SQL Server or MSDE database or on the underlying system that was hosting the SQL Server or MSDE database. SOLUTION: Apply the patch given in the Security Bulletin below or else apply register settings as indicated in Frequently Asked Questions page given in the bulletin.
VULNERABILITY Risk is low. The attacker must have the right to submit queries ASSESSMENT: to the SQL Server or MSDE via ODBE, OLE DB, or DB-Library and be logged on using the SQL Server Security.
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: firstname.lastname@example.org World Wide Web: http://www.ciac.org/ http://ciac.llnl.gov (same machine -- either one will work) Anonymous FTP: ftp.ciac.org ciac.llnl.gov (same machine -- either one will work)