A flaw in the way SQL Server handles extended stored procedures makes the database vulnerable to a buffer overflow attack. Microsoft provided a patch for the problem.