Skip to content
/ CVE-2008-5416 Public

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SECFORCE/CVE-2008-5416

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
exploit.rb
exploit.rb
 
 

Repository files navigation

CVE-2008-5416

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. Microsoft patched this vulnerability in SP3 for 2005 without any public mention.

Credits:

      'jduck',          # MS09-004 base exploit
      'Rodrigo Marcos'  # SQL Injection mods

About

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published