Skip to content

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

Notifications You must be signed in to change notification settings

SECFORCE/CVE-2008-5416

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

CVE-2008-5416

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. Microsoft patched this vulnerability in SP3 for 2005 without any public mention.

Credits:

      'jduck',          # MS09-004 base exploit
      'Rodrigo Marcos'  # SQL Injection mods

About

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published