CVE - CVE-2008-5416

CVE-ID
CVE-2008-5416	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:32710 URL:http://www.securityfocus.com/bid/32710 BUGTRAQ:20081209 SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability URL:http://www.securityfocus.com/archive/1/499042/100/0/threaded BUGTRAQ:20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite(update to SEC Consult SA-20081209) URL:http://www.securityfocus.com/archive/1/499085/100/0/threaded BUGTRAQ:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded CERT:TA09-041A URL:http://www.us-cert.gov/cas/techalerts/TA09-041A.html CERT-VN:VU#696644 URL:http://www.kb.cert.org/vuls/id/696644 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm CONFIRM:http://www.microsoft.com/technet/security/advisory/961040.mspx CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html EXPLOIT-DB:7501 URL:https://www.exploit-db.com/exploits/7501 FULLDISC:20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209) URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html MISC:http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt MS:MS09-004 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004 OSVDB:50917 URL:~~http://osvdb.org/50917~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:6217 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6217 SECTRACK:1021363 URL:http://securitytracker.com/id?1021363 SECTRACK:1021490 URL:http://securitytracker.com/id?1021490 SECUNIA:33034 URL:http://secunia.com/advisories/33034 SREASON:4706 URL:http://securityreason.com/securityalert/4706 VUPEN:ADV-2008-3380 URL:~~http://www.vupen.com/english/advisories/2008/3380~~ (Obsolete source) XF:mssql-spreplwritetovarbin-bo(47182) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/47182
Assigning CNA
MITRE Corporation
Date Record Created
20081210	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081210)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)