Microsoft Security Bulletin MS02-030 - Unchecked Buffer in SQLXML Could Lead to Code Execution. There are two vulnerabilities that exist in MSSQLXML, which ships as part of SQL Server 2000. One is an unchecked buffer vulnerability in an ISAPI extension that could allow an attacker to run code of their choice on the Microsoft Internet Information Services (IIS) Server. There is another that is in a function specifying an XML tag that could allow an attacker to run script on the user's computer with higher privilege. For example, a script might be able to be run in the Intranet Zone instead of the Internet Zone.
2a8847567dc7da7e1d3a81f07df13ef81887cdfc660d0b9b1234378fcd74b3bd