Description
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Improper Locking Vulnerability (CVE-2004-0174)
Drupal Configuration Vulnerability (CVE-2008-6171)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-28683)
Oracle JRE CVE-2024-21145 Vulnerability (CVE-2024-21145)
Oracle Database Server CVE-2007-5515 Vulnerability (CVE-2007-5515)