Microsoft SQL Server RCE (959420)
High Nessus Network Monitor Plugin ID 4927
Synopsis: Arbitrary code can be executed on the remote host through SQL Server.
Description: The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.
Solution: Upgrade or patch according to vendor recommendations.