Release DateJan 08, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a memory corruption vulnerability in Microsoft SQL Server.The vulnerability is caused by an error when the vulnerable software handles a specially crafted user-supplied parameter to the extended stored procedure "sp_replwritetovarbin". It could allow a remote attacker to execute arbitrary code. |
Affected ProductsMicrosoft SQL Server 2000Microsoft SQL Server 2005 |
Recommended ActionsCurrently we are not aware of any vendor supplied patch for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-5416 |
Reference/shttp://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txthttp://secunia.com/advisories/33035/ http://www.securityfocus.com/bid/32710 (BugTraq) http://www.milw0rm.com/exploits/7501 http://technet.microsoft.com/en-us/security/bulletin/ms09-004.mspx (MS-ID) |
