Description
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-2438 Vulnerability (CVE-2014-2438)
WordPress Plugin bodi0`s Bots visits counter Cross-Site Scripting (0.8.1)
WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5)
Drupal Core 9.3.x Cross-Site Scripting (9.3.0 - 9.3.18)
PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)