Current system
Windows 2000 server SP4
SQL Enterprise SP3a
We were using xp_SMTP_Sendmail from SQLDEV.net, and a few procedures
used CDO to send e-mail.
All was fine for years until this weekend.
We installed the following patches:
MS06-031
Microsoft Security Bulletin MS06-031
Vulnerability in RPC Mutual Authentication Could Allow Spoofing
(917736)
MS06-070
Microsoft Security Bulletin MS06-070
Vulnerability in Workstation Service Could Allow Remote Code Execution
(924270)
MS07-017
Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
MS07-022
Microsoft Security Bulletin MS07-022
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
(931784)
MS07-031
Microsoft Security Bulletin MS07-031 - Critical
Vulnerability in the Windows Schannel Security Package Could Allow
Remote
Code Execution (935840)
As soon as I hit this part of the code to create the mail object
EXEC @.hr = sp_OACreate 'CDO.Message', @.iMsg OUT
print @.hr
EXEC @.hr = sp_OAGetErrorInfo NULL, @.source OUT, @.description OUT
print ' Description: ' + @.description
I get the following error
-2147023782
Description: A dynamic link library (DLL) initialization routine
failed.
All other references to @.iMsg fail as the object does not exist.
Source code for Procedure at:
http://support.microsoft.com/kb/312839
Thanks!
David HayI've been able to drill a little further. the SP_OACreate refrences
stdole70.dll
On to the next...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment