MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) (uncredentialed check)
High Nessus Plugin ID 35635
Synopsis
A database application installed on the remote host is affected by a remote code execution vulnerability.

Description
The remote Windows host is running a version of Microsoft SQL Server, Desktop Engine, or Internal Database that is affected by a remote code execution vulnerability in the sp_replwritetovarbin() stored procedure due to a failure to check invalid parameters. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause the execution of arbitrary code.

Solution
Microsoft has released a set of patches for SQL Server 2000 and 2005.