June 15, 2001

Microsoft SQL Server administrator cached connection vulnerability

Author: JT Smith

SecurityFocus.com: "Due to a flaw in the handling of specially crafted ad hoc queries, it is possible for a logged in user
to utilize the ad hoc query in such a way that the use of the system administrator's cached
connection would be invoked rather than that of the user. This would enable the user to access the
database with administrative privileges."
Click Here!