CVE-2008-5416 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5416
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5416

Description: Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/47182 ST 1021363 1021490 SREASON http://securityreason.com/securityalert/4706 SAID Secunia Advisory: SA33034 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6217 OSVDB 50917 MS http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx MISC http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt MILW0RM http://www.milw0rm.com/exploits/7501 FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm http://www.microsoft.com/technet/security/advisory/961040.mspx CERT-VN 696644 CERT http://www.us-cert.gov/cas/techalerts/TA09-041A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/499085/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded BID 32710

Return to the previous page.