MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
High Nessus Plugin ID 35632
SynopsisArbitrary code can be executed on the remote host through Microsoft SQL Server.
DescriptionThe remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated, remote code execution vulnerability in the extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check.
Successful exploitation could allow an attacker to take complete control of the affected system.
SolutionMicrosoft has released a set of patches for SQL Server 2000 and 2005.