Security 10817 Published by

Microsoft has posted a security bulletin for the Unchecked Buffer in SQLXML Could Lead to Code Execution issue



SQLXML enables the transfer of XML data to and from SQL Server 2000.
Database queries can be returned in the form of XML documents which
can then be stored or transferred easily. Using SQLXML, you can
access SQL Server 2000 using XML through your browser over HTTP.

Two vulnerabilities exist in SQLXML:

- - An unchecked buffer vulnerability in an ISAPI extension that could,
in the worst case, allow an attacker to run code of their choice
on the Microsoft Internet Information Services (IIS) Server.

- - A vulnerability in a function specifying an XML tag that could
allow an attacker to run script on the user's computer with higher
privilege. For example, a script might be able to be run in the
Intranet Zone instead of the Internet Zone.
Read more