Description

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Remediation

References

CVE-2000-1085

Related Vulnerabilities

WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2)

WordPress Plugin Event Espresso Lite-Event Management and Registration System SQL Injection (3.1.37.11)

Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)

YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)

WordPress Plugin UK Cookie Consent Cross-Site Scripting (2.3.9)

Severity

Medium

Classification

CVE-2000-1085

Tags

Missing Update Known Vulnerabilities