Microsoft SQL Server 2000 (up to SP2) suffers from buffer/heap overflow in
built-in hashing function pwdencrypt(). Sample code shown below crashes
SQL Server service and may lead to arbitrary code execution:
SELECT pwdencrypt(REPLICATE('A',353))
On some systems it may require lager amount of characters to cause
overflow (1000 is enough in any case)
This was confirmed by Microsoft but is not known when the patch will be
released.
Cheers
Martin Rakhmanoff (jimmers)
jimmers@yandex.ru
