SecurityFocus.com: "Due to a flaw in the handling of specially crafted ad hoc queries, it is possible for a logged in user
to utilize the ad hoc query in such a way that the use of the system administrator's cached
connection would be invoked rather than that of the user. This would enable the user to access the
database with administrative privileges."
June 15, 2001