MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) (uncredentialed check)

High Nessus Plugin ID 35635


A database application installed on the remote host is affected by a remote code execution vulnerability.


The remote Windows host is running a version of Microsoft SQL Server, Desktop Engine, or Internal Database that is affected by a remote code execution vulnerability in the sp_replwritetovarbin() stored procedure due to a failure to check invalid parameters. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause the execution of arbitrary code.


Microsoft has released a set of patches for SQL Server 2000 and 2005.

Plugin Details

Severity: High

ID: 35635

File Name: smb_kb959420.nasl

Version: 1.32

Type: remote

Agent: windows

Family: Windows

Published: 2009/02/11

Modified: 2018/03/14

Dependencies: 10144

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 9.1

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/02/10

Vulnerability Publication Date: 2008/12/09

Exploitable With


Core Impact

Metasploit (MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection)

Reference Information

CVE: CVE-2008-5416

BID: 32710

OSVDB: 50589

IAVA: 2009-A-0012

MSFT: MS09-004

CERT: 696644

EDB-ID: 7501, 16392, 16396

MSKB: 959420

CWE: 119