Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.
b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263e