Intrusion Prevention



This indicates an attack attempt against a memory corruption vulnerability in Microsoft SQL Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted user-supplied parameter to the extended stored procedure "sp_replwritetovarbin". It could allow a remote attacker to execute arbitrary code.

Affected Products

Microsoft SQL Server 2000
Microsoft SQL Server 2005


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References