Microsoft's database server SQL Server 2000 exhibits two buffer overrun vulnerabilities that can be exploited by a remote attacker without ever having to authenticate to the server.
• Microsoft SQL Server provides the ability to call functions in DLLs outside of the database.
• Extended stored procedures, greatly expand the functionality of Microsoft SQL Server. They can be used to access the operating system or the network.
• SQL Server uses physical memory for server operation overhead, data (buffer) cache, and procedure cache.