Signature Detail

DB: MSSQL Replwritetovarbin Query

This signature detects attempts to exploit a known vulnerability against Microsoft MS-SQL server. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects the following: Microsoft SQL Server 2000 Microsoft SQL Server 2005

Affected Products

• Microsoft SQL Server 2000 8.00.194
• Microsoft SQL Server 2000 SP1
• Microsoft SQL Server 2000 SP2
• Microsoft SQL Server 2000 SP3
• Microsoft SQL Server 2000 Sp3a
• Microsoft SQL Server 2000 SP4
• Microsoft SQL Server 2000
• Microsoft SQL Server 2000 Desktop Engine SP1
• Microsoft SQL Server 2000 Desktop Engine SP2
• Microsoft SQL Server 2000 Desktop Engine SP3
• Microsoft SQL Server 2000 Desktop Engine SP4
• Microsoft SQL Server 2000 Desktop Engine
• Microsoft SQL Server 2000 Desktop Engine
• Microsoft SQL Server 2000 Itanium Edition SP1
• Microsoft SQL Server 2000 Itanium Edition SP2
• Microsoft SQL Server 2000 Itanium Edition SP3
• Microsoft SQL Server 2000 Itanium Edition SP4
• Microsoft SQL Server 2000 Itanium Edition
• Microsoft SQL Server 2005 SP1
• Microsoft SQL Server 2005 SP2
• Microsoft SQL Server 2005 Yukon
• Microsoft SQL Server 2005
• Microsoft SQL Server 2005 Backward Compatibility 8.05.1054
• Microsoft SQL Server 2005 Books Online 9.00.1399.06
• Microsoft SQL Server 2005 Express Edition SP1
• Microsoft SQL Server 2005 Express Edition SP2
• Microsoft SQL Server 2005 Express Edition
• Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1
• Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2
• Microsoft SQL Server 2005 Integration Services 9.1.2047.00
• Microsoft SQL Server 2005 Itanium Edition SP1
• Microsoft SQL Server 2005 Itanium Edition SP2
• Microsoft SQL Server 2005 Itanium Edition
• Microsoft SQL Server 2005 Reporting Services 9.00.1399.06
• Microsoft SQL Server 2005 Tools 9.00.1399.06
• Microsoft SQL Server 2005 Upgrade Advisor 9.00.2407.00
• Microsoft SQL Server 2005 x64 Edition SP1
• Microsoft SQL Server 2005 x64 Edition SP2
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Internal Database (WYukon) SP1
• Microsoft Windows Internal Database (WYukon) SP2
• Microsoft Windows Internal Database (WYukon)
• Microsoft Windows Internal Database (WYukon) x64 SP1
• Microsoft Windows Internal Database (WYukon) x64 SP2
• Microsoft Windows Internal Database (WYukon) x64
• VMWare vCenter 4.0
• VMWare vCenter 4.1
• VMWare Vcenter Update Manager 1.0
• VMWare Vcenter Update Manager 4.0
• VMWare Vcenter Update Manager 4.1
• VMWare VirtualCenter 2.5
• VMWare VirtualCenter 2.5 Update 1
• VMWare VirtualCenter 2.5 Update 2
• VMWare VirtualCenter 2.5.Update 3 Build 11983
• VMWare VirtualCenter 2.5 Update 4
• VMWare VirtualCenter 2.5 Update 5
• VMWare VirtualCenter 2.5 Update 6

References

• BugTraq: 32710
• CVE: CVE-2008-5416
• URL: http://www.microsoft.com/technet/security/advisory/961040.mspx
• URL: http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx