MS-SQL servers allow access via a \"trusted connection\". Default installations allow \"system\" level access to the server by an attacker without the need for a password. Attached \"batch-file\" exploit demonstrates this vulnerability. It expects to have at the very least, a functioning copy of the \"isql.exe\" program in the current directory or directory path. added by prozac