Article ID: 304851
This article was previously published under Q304851
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 101942 (SQLBUG_70)
SQL Server 7.0 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. A vulnerability has been discovered with these functions.
Use of an invalid format type character may cause SQL Server to overrun an internal buffer and overwrite an address in the SQL Server process space with arbitrary data. If that happens, it may be possible to execute arbitrary code within SQL Server, or the SQL Server process may terminate abnormally.
For additional information about this security fix, refer to the following Web address:
Microsoft Security Bulletin MS01-060
The SQL Server parser incorrectly allows you to use an invalid type character with some text functions.
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511 (http://support.microsoft.com/kb/301511/EN-US/) INF: How to Obtain the Latest SQL Server 7.0 Service Pack
NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.
Microsoft recommends that you apply this hotfix to your SQL Server 7.0 installation. SQL Server 7.0 Service Pack 3 is required to apply this fix.
For more information about how to obtain SQL Server 7.0 Service Pack 3, please see the following article in the Microsoft Knowledge Base:
274799 (http://support.microsoft.com/kb/274799/EN-US/) How to Obtain Service Pack 3 for Microsoft SQL Server 7.0
NOTE: SQL Server 7 (7.00.1020), or later, already contains the fix; therefore, you do not need to apply the hotfix if you are using SQL Server 7 (7.00.1020) or later.
The following file is available for download from the Microsoft Download Center:
SQL70-KB815495-v7.00.1094-ENU.exe
Release Date: JAN-24-2002
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 (http://support.microsoft.com/kb/119591/EN-US/) How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
To ensure that you have properly installed the fix, run the following command from Query Analyzer or from OSQL at the command prompt:
"SELECT @@VERSION" (without the quotation marks)
Depending on your platform, the result you receive is either:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
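The verification step above can be applied across several servers by checking each collected `SELECT @@VERSION` banner against the 7.00.1020 threshold given in the NOTE. The following is an added example, not part of the original article or Microsoft's tooling; the function names, host names and sample banners are constructed, and the banner layout (a three-part version such as 7.00.1094 on the first line) is an assumption.

```python
import re

# From the article's NOTE: build 7.00.1020 or later already contains the fix.
FIXED_BUILD = (7, 0, 1020)

# Three-part product version as printed in an @@VERSION banner, e.g. 7.00.1094.
VERSION_RE = re.compile(r"\b(\d+)\.(\d{2})\.(\d{3,4})\b")


def parse_build(banner):
    """Return (major, minor, build) from an @@VERSION banner, or None."""
    match = VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Classify one banner against the article's 7.00.1020 threshold."""
    build = parse_build(banner)
    if build is None:
        return "unparsed"        # review by hand rather than assume fixed
    if build[:2] != (7, 0):
        return "out-of-scope"    # the article covers SQL Server 7.0 only
    return "fixed" if build >= FIXED_BUILD else "needs-fix"


def audit(inventory):
    """Map each host to its classification; input is host -> banner text."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample banners (not captured from real servers).
SAMPLE_INVENTORY = {
    "db-legacy-01": "Microsoft SQL Server  7.00 - 7.00.961 (Intel X86)\n"
                    "\tStandard Edition on Windows NT 4.0",
    "db-legacy-02": "Microsoft SQL Server  7.00 - 7.00.1094 (Intel X86)",
    "db-legacy-03": "Microsoft SQL Server  7.00 - 7.00.1020 (Intel X86)",
    "db-other-01": "Microsoft SQL Server  2000 - 8.00.194 (Intel X86)",
    "db-broken-01": "Login failed for user 'audit'.",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` returned something other than a version banner and should be checked manually.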