Atstake Security Advisory A072303-3 - By sending a specially crafted message to the local LPC port for Microsoft SQL Server, it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise.
117cbb53e11b5d137ca26262d9725ad4c4f1bef3dd4ac8e5e18f9278df670308
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed