Vulnerability Development mailing list archives

Re: Another Sql Server 7 Buffer Overflow (Update)


From: c c <cesarc56 () yahoo com>
Date: Thu, 7 Mar 2002 14:35:38 -0800 (PST)

Oops...

SQL Server 2000 (all service packs) is affected too.

Try:

exec xp_dirtree N'XXX...' --> exactly 260 X's

The overflow will occur only if the parameter is
passed as Unicode and the string must be
exactly 260 in length.

Special thanks to Aaron C. Newman (Application
Security, Inc.) for pointing out to me that SQL 2000 is affected
too and for his collaboration in tests.


Cesar Cerrudo.
Argentina.
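
Added example, not part of the original post: a small Python scanner that flags xp_dirtree calls in captured SQL text whose argument is a Unicode (N'...') literal of the length named above. The function name, the sample statements and the choice to flag lengths at or above 260 (rather than only exactly 260) are assumptions of this example.

```python
import re

# Matches a call to xp_dirtree whose first argument is a string literal.
# Group 1 is the N prefix (Unicode literal) if present, group 2 the body;
# '' inside a T-SQL literal is an escaped single quote.
# Only literal arguments are inspected, not values passed in variables.
CALL_RE = re.compile(r"\bxp_dirtree\b\s*(N)?'((?:[^']|'')*)'", re.IGNORECASE)

# Length named in the post. Flagging anything at or above it (not only the
# exact value) is this example's choice, not a claim from the post.
TRIGGER_LEN = 260


def scan_statements(statements, threshold=TRIGGER_LEN):
    """Return findings for xp_dirtree calls with long Unicode literals."""
    findings = []
    for index, stmt in enumerate(statements):
        for match in CALL_RE.finditer(stmt):
            is_unicode = match.group(1) is not None
            # Measure the literal after undoing the '' escape.
            length = len(match.group(2).replace("''", "'"))
            if is_unicode and length >= threshold:
                findings.append({
                    "statement": index,
                    "length": length,
                    "exact_match": length == TRIGGER_LEN,
                })
    return findings


# Constructed sample statements, as they might appear in a captured query log.
SAMPLE_STATEMENTS = [
    "exec master..xp_dirtree N'C:\\Program Files\\Microsoft SQL Server'",
    "exec xp_dirtree N'" + "X" * 260 + "'",
    "EXEC xp_dirtree '" + "X" * 260 + "'",   # not Unicode: not flagged
    "exec xp_dirtree N'" + "X" * 259 + "'",  # one short: not flagged
    "execute master.dbo.xp_dirtree N'" + "A" * 300 + "'",
]

if __name__ == "__main__":
    for finding in scan_statements(SAMPLE_STATEMENTS):
        print(finding)
```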

