New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.8
Synopsis
Arbitrary code can be executed on the remote host through Microsoft SQL Server.
Description
The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated, remote code execution vulnerability in the extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check.
Successful exploitation could allow an attacker to take complete control of the affected system.
Solution
Microsoft has released a set of patches for SQL Server 2000 and 2005.