Intrusion Prevention

MS.SQL.Server.Sp_replwritetovarbin.Memory.Overwrite

Description

This indicates an attack attempt against a memory corruption vulnerability in Microsoft SQL Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted user-supplied parameter to the extended stored procedure "sp_replwritetovarbin". It could allow a remote attacker to execute arbitrary code.

Affected Products

Microsoft SQL Server 2000
Microsoft SQL Server 2005

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2008-5416