Microsoft SQL Server Stored Procedure Buffer Overflow Vulnerability
A buffer overflow vulnerability has been reported in Microsoft SQL Server.
Microsoft SQL Server is a relational database management system (RDBMS). The vulnerability is due to an error in Microsoft SQL Server when the extended stored procedure sp_replwritetovarbin is called with a set of crafted parameters. By sending a specially crafted SQL script to a target server, a remote attacker may trigger this vulnerability to execute arbitrary code on the affected system. Although a direct attack on the database would still require authentication, attackers may also exploit this vulnerability through web applications that are linked to SQL Server.
Successful exploitation would cause a denial of service and may allow execution of arbitrary code on a vulnerable system.
Although there is currently no Microsoft patch available, SmartDefense Services provides protections to Check Point products against exploits that use this vulnerability. See CPAI-2008-189 for more information.
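Because the procedure can be reached through web applications linked to SQL Server, web server access logs are one place to look for requests that name it. The following is an added example, not part of the original advisory or of any Check Point product: it assumes a common-log-style layout (client address first, request line in quotes), and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

PROC = "sp_replwritetovarbin"  # procedure named in the advisory
# Assumed log layout: client IP first, request line inside the first quoted field.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+)')

def normalize(text, max_rounds=3):
    """Undo nested URL encoding ('+' becomes a space), then lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()

def find_proc_references(lines):
    """Return (line_number, client_ip) for requests whose URL names the procedure."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LOG_LINE.match(line)
        if match and PROC in normalize(match.group(2)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample access-log lines (documentation address ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2008:09:14:02 +0000] "GET /catalog.asp?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Dec/2008:09:15:40 +0000] "GET /catalog.asp?id=42;exec+SP_ReplWriteToVarbin HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Dec/2008:09:15:44 +0000] "GET /catalog.asp?id=42%3Bexec%2520sp_replwritetovarbin HTTP/1.1" 500 312',
    '192.0.2.11 - - [10/Dec/2008:09:16:01 +0000] "GET /help.asp?topic=sp_replication HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, client in find_proc_references(SAMPLE_LOG):
        print(f"line {number}: {client} referenced {PROC}")
```

A hit is a lead for review rather than proof of exploitation, and request bodies (for example POST form data) do not appear in access logs, so this check only covers what is visible in the URL.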
