The OLE automation stored procedures provide access to the Component Object Model (COM), which grants Visual Basic functionality to T-SQL scripts. When used by a skilled attacker, they are very powerful and could be used to manipulate Microsoft Office documents, utilize other COM-compatible code, or send e- mails .
xp_dsninfo: Displays an ODBC datasource's settings.
xp_enumdsn: Lists all ODBC datasources on the server.
sp_OACreate: Used to instantiate an OLE object. Methods of the object can then be called, allowing its functionality to be exploited.
sp_OADestroy: Used to destroy an OLE object.
sp_OAGetErrorInfo: Returns error information for the most recent OLE automation stored procedure call.
sp_OAGetProperty: Gets the value of a property in the OLE object.
sp_OAMethod: Calls a method of the OLE object. These are routines that perform a certain function.
sp_OASetProperty: Sets the value of a property in the OLE object.
sp_OAStop: Stops the OLE automation environment, and disables T-SQL access to COM components .
sp_sdidebug: Used to debug T-SQL statements; could reveal confidential information.