patches for exploits as referenced in this http://www.antionline.com/showthread...hreadid=221863


INFORMATION ALERT


AN UPDATE ON:
BUFFER OVERFLOWS IN MS SQL 7 AND 2000


April 18, 2001

Last night, Microsoft released a Security Bulletin
<http://www.microsoft.com/technet/tre...echnet/security/bulletin/MS02-020.asp>
announcing patches for Microsoft's SQL Server 7 and 2000. These
patches fix the multiple SQL Server buffer overflows we reported on
March 14 in our Information Alert
<https://www3.watchguard.com/archive/...sp?pack=135051>.
Cesar Cerrudo found 17 buffer overflows in extended stored
procedures that come with SQL Server 7 and 2000. A hacker could
exploit these buffer overflows to either crash your SQL server
or, in the worst case, execute arbitrary code with full system
privileges. For more details on this issue see our original alert.

You can find the patches at the links below, under "References."
Administrators using Microsoft SQL Server 7 or 2000 should download,
test, and install the corresponding patch as soon as possible. As
with any new patch, we recommend you first test it on a spare
machine before implementing the patch in a live environment.


REFERENCES:

Microsoft Security Bulletin 02-020
<http://www.microsoft.com/technet/tre...echnet/security/bulletin/MS02-020.asp>

Microsoft's SQL Server 7.0 cumulative patch
<http://support.microsoft.com/directo...EN-US;Q318268&>

Microsoft's SQL Server 2000 cumulative patch
<http://support.microsoft.com/directo...EN-US;Q316333&>