Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote

12-23-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote

Revision Note: Advisory published Advisory Summary:Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4 and Microsoft SQL Server 2008 are not affected by this issue.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

ODBC_CONNECT(3) 1 ODBC_CONNECT(3) odbc_connect - Connect to a datasource SYNOPSIS
resource odbc_connect (string $dsn, string $user, string $password, [int $cursor_type]) DESCRIPTION
The connection id returned by this functions is needed by other ODBC functions. You can have multiple connections open at once as long as they either use different db or different credentials. With some ODBC drivers, executing a complex stored procedure may fail with an error similar to: "Cannot open a cursor on a stored proce- dure that has anything other than a single select statement in it". Using SQL_CUR_USE_ODBC may avoid that error. Also, some drivers don't support the optional row_number parameter in odbc_fetch_row(3). SQL_CUR_USE_ODBC might help in that case, too. PARAMETERS
o $dsn - The database source name for the connection. Alternatively, a DSN-less connection string can be used. o $user - The username. o $password - The password. o $cursor_type - This sets the type of cursor to be used for this connection. This parameter is not normally needed, but can be useful for work- ing around problems with some ODBC drivers. The following constants are defined for cursortype: o SQL_CUR_USE_IF_NEEDED o SQL_CUR_USE_ODBC o SQL_CUR_USE_DRIVER RETURN VALUES
Returns an ODBC connection or ( FALSE) on error. EXAMPLES
Example #1 DSN-less connections <?php // Microsoft SQL Server using the SQL Native Client 10.0 ODBC Driver - allows connection to SQL 7, 2000, 2005 and 2008 $connection = odbc_connect("Driver={SQL Server Native Client 10.0};Server=$server;Database=$database;", $user, $password); // Microsoft Access $connection = odbc_connect("Driver={Microsoft Access Driver (*.mdb)};Dbq=$mdbFilename", $user, $password); // Microsoft Excel $excelFile = realpath('C:/ExcelData.xls'); $excelDir = dirname($excelFile); $connection = odbc_connect("Driver={Microsoft Excel Driver (*.xls)};DriverId=790;Dbq=$excelFile;DefaultDir=$excelDir" , '', ''); ?> SEE ALSO
For persistent connections: odbc_pconnect(3). PHP Documentation Group ODBC_CONNECT(3)

Security Advisories (RSS) - Microsoft

Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote

LEARN ABOUT PHP

odbc_connect