| CVE-2000-1088 | Date: (C)2001-01-09 (M)2023-12-22 |
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 4.6 |
| Exploit Score: 3.9 |
| Impact Score: 6.4 |
| |
| CVSS V2 Metrics: |
| Access Vector: LOCAL |
| Access Complexity: LOW |
| Authentication: NONE |
| Confidentiality: PARTIAL |
| Integrity: PARTIAL |
| Availability: PARTIAL |
| | |
