http://www.eeye.com/html/Research/Flash/AL20030125.html
Late Friday, January 24, 2003 we became aware of a new SQL worm spreading
quickly across various networks around the world.
The worm is spreading using a buffer overflow to exploit a flaw in
Microsoft SQL Server 2000. The SQL 2000 server flaw was discovered in July,
2002 by Next Generation Security Software Ltd. The buffer overflow exists
because of the way SQL improperly handles data sent to its Microsoft SQL
Monitor port. Attackers leveraging this vulnerability will be executing
their code as SYSTEM, since Microsoft SQL Server 2000 runs with SYSTEM
privileges.
http://www.hacktivismo.com/news/modules.php?name=News&file=article&sid=970
