Microsoft SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability( 11 February 2009 )

Last Update Date: 28 Jan 2011 Release Date: 11 Feb 2009 4581 Views

RISK: Medium Risk

Medium Risk

A remote code execution vulnerability exists in the way that SQL Server checks parameters in the "sp_replwritetovarbin" extended stored procedure. The vulnerability could allow remote code execution if untrusted users have access to an affected system or if a SQL injection vulnerability exists on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Server 2003
  • Windows Server 2008
  • Microsoft SQL Server 2000 Desktop Engine (WMSDE)
  • Windows Internal Database (WYukon)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

SQL Server

GDR Software UpdatesQFE Software Updates
SQL Server 2000 Service Pack 4 (KB960082)SQL Server 2000 Service Pack 4 (KB960083)
SQL Server 2000 Itanium-based Edition Service Pack 4 (KB960082)SQL Server 2000 Itanium-based Edition Service Pack 4 (KB960083)
SQL Server 2005 Service Pack 2 (KB960089)SQL Server 2005 Service Pack 2 (KB960090)
SQL Server 2005 x64 Edition Service Pack 2 (KB960089)SQL Server 2005 x64 Edition Service Pack 2 (KB960090)
SQL Server 2005 with SP2 for Itanium-based Systems (KB960089)SQL Server 2005 with SP2 for Itanium-based Systems (KB960090)
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 (KB960082)Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 (KB960083)
SQL Server 2005 Express Edition Service Pack 2 (KB960089)SQL Server 2005 Express Edition Service Pack 2 (KB960090)
SQL Server 2005 Express Edition with Advanced Services Service Pack 2 (KB960089)SQL Server 2005 Express Edition with Advanced Services Service Pack 2 (KB960090)

Windows Components

Microsoft SQL Server 2000 Desktop Engine (WMSDE) (KB960082)Windows Internal Database (WYukon) Service Pack 2 (KB960089)
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
-Windows Server 2008 for 32-bit Systems
-Windows Server 2008 for x64-based Systems

Vulnerability Identifier

Source

Related Link

Share with

Previous

Google Chrome URI Handler Registration Vulnerability

10 Feb 2009 4831 Views

Next

Microsoft Exchange Server Multiple Vulnerabilities( 11 February 2009 )

11 Feb 2009 4502 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY