For more than a year, Microsoft has been sitting on a purported SQL Server vulnerability that could enable a malicious insider to obtain users' passwords, claims database security vendor Sentrigo.

I don't know much about it, except it seems to be a watcom database. I'd never heard of that until I started looking into the db. There is an SQL anywhere 5 service running which talks to it.