CVE-2007-4814

high

Description

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.

References

https://www.exploit-db.com/exploits/4398

https://www.exploit-db.com/exploits/4379

https://exchange.xforce.ibmcloud.com/vulnerabilities/36509

http://www.securityfocus.com/archive/1/478822/100/0/threaded

http://www.osvdb.org/38399

http://securityreason.com/securityalert/3112

http://retrogod.altervista.org/microsoft_sqldmo.html

Details

Source: Mitre, NVD

Published: 2007-09-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.4571