Back to search
CVE-2005-2572
Published: Aug 16, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
HPSBPV02918
vendor-advisory
x_refsource_HP
mysql-loadlibraryex-dos(21756)
vdb-entry
x_refsource_XF
62358
vdb-entry
x_refsource_BID
1029010
vdb-entry
x_refsource_SECTRACK
SSRT101272
vendor-advisory
x_refsource_HP
http://www.appsecinc.com/resources/alerts/mysql/2005-003.html
x_refsource_MISC
54788
third-party-advisory
x_refsource_SECUNIA
20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now