icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Microsoft SQL Server Remote Code Execution Vulnerability (959420)

High

Synopsis

Arbitrary code can be executed on the remote host through SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Upgrade or patch according to vendor recommendations.