Description
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Remediation
References