On May 12, 2014, SAP published updates to Adaptive Server Enterprise versions 15.0. 15.5 and 15.7 on all platforms. These updates addressed a security flaw in a built-in procedure implementation. The flaw allows any authenticated database user to overwrite the master encryption key or execute arbitrary code in the database server process context. Below I will discuss in detail what happens inside the server when the vulnerable procedure is invoked.