Scenario: Using the Oracle 11gR2 client driver to access Oracle over Linked Server.
Problem: Typing a "--" comment indicator with a star "*" to select all columns in the passthrough query can crash SQL Server. The Comment ("--") and "*" operator referenced mean the query being passed through between tickmarks that gets sent to the Oracle instance.
Platform of SQL Server: Windows 2012R2, SQL 2012 SP1, SQL 2008R2 SP4, others, Virtualized on VMWare
SELECT A.ColumnName FROM OPENQUERY([LINKED_SRV_NAME],
FROM OWNER.TABLE A
WHERE ROWNUM < 10
The above query crashes my SQL 2012 Developer Edition instance. It has crashed other development instances as well.
There is a workaround posted here: http://social.msdn.microsoft.com/Forums/sqlserver/en-US/93a65f6c-6eae-4109-9b60-1907c9ac3d97/openquery-over-oracle-linked-server-crashes-instance-with-c0000005-exceptionaccessviolation?forum=sqldatabaseengine
The workaround is essentially "write different code". While that's a valid workaround that doesn't prevent developers or other parties with just minimal access to the SQL Server from crashing the whole instance by just messing around in Management Studio.
The article above references a bug number but I cannot verify if this is an Oracle bug or a bug in the Linked Server interpretation/parse/etc. libraries. I am also submitting feedback to request that Linked Server access be a securable object so its use and even instantiation can be locked down.