Description

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Remediation

References

CVE-2000-1088

Related Vulnerabilities

WordPress Plugin PIKLIST-Rapid development framework Cross-Site Scripting (0.9.4.25)

Microsoft SQL Server Other Vulnerability (CVE-2002-0056)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6729)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.13)

XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663)

Severity

Medium

Classification

CVE-2000-1088

Tags

Missing Update Known Vulnerabilities