Microsoft SQL Server无效查询漏洞

漏洞信息详情

Microsoft SQL Server无效查询漏洞

• CNNVD编号：CNNVD-200003-016
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0202
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2000-03-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-01
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Reported to Micros…

Microsoft SQL Server 7.0版本和Microsoft Data Engine (MSDE) 1.0版本存在漏洞 。远程攻击者借助SQL查询中畸形的选择语句可以提升特权。

Microsoft has released a patch for this issue, available at the following location:
http://www.microsoft.com/downloads/release.asp?ReleaseID=19132
Note that the patch will not work on SQL Servers with the Beta version of SP2 installed.
Microsoft Data Engine 1.0

• Microsoft Q256052Alpha Version
  
  http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA
  /EN-US/s70780a.exe
• Microsoft Q256052Intel Version
  
  http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA
  /EN-US/s70780i.exe

Microsoft SQL Server 7.0

• Microsoft Q256052Alpha Version
  
  http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA
  /EN-US/s70780a.exe
• Microsoft Q256052Intel Version
  
  http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA
  /EN-US/s70780i.exe

来源: BID
名称: 1041
链接:http://www.securityfocus.com/bid/1041

来源: MS
名称: MS00-014
链接:http://www.microsoft.com/technet/security/bulletin/ms00-014.mspx