QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-5416

Back to search

CVE-2008-5416

Published: Dec 10, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2008-3380
vdb-entry
x_refsource_VUPEN
33034
third-party-advisory
x_refsource_SECUNIA
50917
vdb-entry
x_refsource_OSVDB
1021363
vdb-entry
x_refsource_SECTRACK
7501
exploit
x_refsource_EXPLOIT-DB
1021490
vdb-entry
x_refsource_SECTRACK
VU#696644
third-party-advisory
x_refsource_CERT-VN
MS09-004
vendor-advisory
x_refsource_MS
4706
third-party-advisory
x_refsource_SREASON
32710
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:6217
vdb-entry
signature
x_refsource_OVAL
TA09-041A
third-party-advisory
x_refsource_CERT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now