Buffer overflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted insert statement.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0106)