This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through the Microsoft
GDI rendering engine.
The remote host has a version of SQL Server that may host the
RSClientPrint ActiveX control that includes a copy of gdiplus.dll that
is affected by multiple buffer overflow vulnerabilities when viewing
TIFF, PNG, BMP, and Office files that could allow an attacker to execute
arbitrary code on the remote host. Additionally, there is a GDI+ .NET
API vulnerability that allows a malicious .NET application to gain
unmanaged code execution privileges.
To exploit these flaws, an attacker would need to send a malformed image
file to a user on the remote host and wait for them to open it using an
affected Microsoft application.
See also :
Microsoft has released a set of patches for SQL Server 2000 and
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Nessus Plugin ID: 72908 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now