Microsoft SQL Server Client Utilities UDP Broadcasts Buffer Overflow Vulnerability

August 21, 2003

[From Help Net Security]

A Unicode buffer overflow exists in MDAC, which is used by the SQL Server SQL-DMO library; it could allow a remote user to execute malicious code on the target computer. The vulnerability does not occur when accepting incoming connections, but rather in the response to broadcast queries.

All SQL Servers receiving the broadcast request respond with a standard UDP packet. If a malicious machine responds to this broadcast with an overlong packet, a stack buffer overflow occurs.

The article continues at http://www.net-security.org/vuln.php?id=2899