
Microsoft SQL Server RCE (959420)

High

Synopsis

Arbitrary code can be executed on the remote host through SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Upgrade or patch according to vendor recommendations.