Re: MSDE,Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS

From: c c (cesarc56@UOL.COM.AR)
Date: 02/20/02

Date:         Wed, 20 Feb 2002 12:12:45 -0300
From: c c <cesarc56@UOL.COM.AR>

Mark wrote :

>Ok, since I've been through something similar here
recently, MS may not be
>getting back to you since they already have a hotfix
for a part of this
>problem I found back in January:
......text deleted
>I would suggest anyone using OPENQUERY or the like try
contacting PSS
>before throwing themselves under the bus. I've been
running their hotfix
>for some time now without any errors.



>Mark Deason - President
>Silverside Eq. Inc. - A Leasing Solution Provider


I think the problem that i mention in the advisory have
to do with OpenDatasource
and OpenRowset functions in the way that they handle
the parameters and is very
diferent to what you are talking : OPENQUERY function
and a linked server
with a particular oledb provider MSOLAP. Looking at
the link that you provide,
the problem that you describe applies to MDX queries
and Microsoft SQL Server 2000
Analysis Services and if you look at the files included
in the fix all the files belongs to
Microsoft SQL Server Analysis Services and not to OLE
DB providers.


Cesar Cerrudo.
Parana, Entre Rios.
UOLMAIL - Todo Argentino tiene derecho a lo mejor de Internet.

Delivery co-sponsored by VeriSign - The Internet Trust Company
Do you have 128-bit SSL encryption server security?
Get VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn
everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions, secure your intranets and authenticate your Web
site. 128-bit SSL is serious security for your online business. Get it now!