This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through Microsoft SQL
The remote host is running a version of Microsoft SQL Server, Desktop
Engine or Internal Database that suffers from an authenticated, remote
code execution vulnerability in the extended stored procedure
'sp_replwritetovarbin' due to an invalid parameter check.
Successful exploitation could allow an attacker to take complete
control of the affected system.
See also :
Microsoft has released a set of patches for SQL Server 2000 and 2005.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true