I have not seen this. I suspect it's a query with some hex in it, though the KB mentions a call to a virtual function. They typically don't publish the query as people might run it on their instances (or others).
Still, going deeper I do now know that it is related to two things:
One comes from Transactional replication
and the other one (exploit) comes from database name, schema name and data within it.
I feel more safe knowing this than just a "virtual call". I know more what to be aware of.
- The first one, it's not always on and most of the time it's scripted or setup by a DBA
- The second, not very easy to cover / hide
For both of them a DBA could easily exploit those two vulnerabilities, but at the basis, a DBA often has all the rights in SQL Server (and often on the box for perfmon and the like also) so it would be pointless for them to do such attacks other than preventing non-DBA to do it.
The other question I have in mind is: in what circumstances that person found this vulnerability?