打印本文 打印本文  关闭窗口 关闭窗口  
MSSQLServer查询有效性检查漏洞
作者:佚名  文章来源:不详  点击数  更新时间:2008/4/18 14:54:31  文章录入:杜斌  责任编辑:杜斌

  受影响系统:

  Microsoft Data Engine 1.0

  - Microsoft Visual Studio 6.0

  - Microsoft Windows NT 4.0

  - Microsoft Access 2000

  + Microsoft Office 2000

  - Microsoft Windows 98

  - Microsoft Windows 95

  - Microsoft Windows NT 4.0

  - Microsoft Windows NT 2000.0

  Microsoft SQL Server 7.0

  - Microsoft Windows NT 4.0

  - Microsoft BackOffice 4.5

  - Microsoft Windows NT 4.0

  描述:

  by Microsoft Security Bulletin

  Microsoft SQL Serve 7.0和Data Engine(数据引擎)接收SQL查询时有可能造成数据库或系统被入侵。任何经过SQL验证的用户都有可能能够通过SQL SELECT命令以数据拥有者或管理员权限执行命令。

  建议:

  Microsoft公司提供以下安全补丁:

  Microsoft Data Engine 1.0:

  Microsoft patch s70780a (Alpha Version)

  http://www.microsoft.com/downloads/release.asp?ReleaseID=19132

  Microsoft patch s70780i (Intel Version)

  http://www.microsoft.com/downloads/release.asp?ReleaseID=19132

  Microsoft SQL Server 7.0:

  Microsoft patch s70780a (Alpha Version)

  http://www.microsoft.com/downloads/release.asp?ReleaseID=19132

  Microsoft patch s70780i (Intel Version)

  http://www.microsoft.com/downloads/release.asp?ReleaseID=19132
打印本文 打印本文  关闭窗口 关闭窗口