Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007
CVE: CVE-2007-4814
BID: 25594
OSVDB: 38399

Background

Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll ActiveX control.

Problem

A buffer overflow vulnerability in the sqldmo.dll ActiveX control allows command execution when a user opens a web page which calls the Start method with a long, specially crafted argument.

Resolution

Set the kill bit for Class ID 10020200-E260-11CF-AE68-00AA004A34D5 as described in Microsoft Knowledge Base Article 240797.
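
The following PowerShell script is an added example, not part of the original advisory or of Microsoft's article. It reports whether the kill bit is set for the Class ID above and, when run with -Apply, sets it. It assumes the standard kill bit location and value (the "Compatibility Flags" DWORD 0x00000400 under Internet Explorer's "ActiveX Compatibility" key) and also checks the Wow6432Node view found on 64-bit Windows, which goes beyond the Windows 2000 platform listed here.

```powershell
# Added example: report, and with -Apply set, the kill bit for the sqldmo.dll control.
# Writing under HKLM requires an elevated session.
param([switch]$Apply)
$ErrorActionPreference = 'Stop'   # a failed write aborts instead of reporting success

$Clsid     = '{10020200-E260-11CF-AE68-00AA004A34D5}'  # Class ID from this advisory
$ValueName = 'Compatibility Flags'
$KillBit   = 0x00000400                                # kill bit flag (assumed per KB 240797)

# Native registry view, plus the 32-bit view that exists on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present on this host
    $key = Join-Path -Path $root -ChildPath $Clsid

    # Read the existing flags so other compatibility bits are preserved.
    $current = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $current = [int]$prop.$ValueName }
    }
    $isSet = ($current -band $KillBit) -eq $KillBit

    if ($Apply -and -not $isSet) {
        # Create the CLSID key only if missing; never recreate an existing key.
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key | Out-Null
        }
        New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
        $isSet = $true
    }

    # One result object per registry view, suitable for Export-Csv or fleet reporting.
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $current   # value found before any change
        KillBitSet = $isSet
    }
}
```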

References

http://www.securityfocus.com/archive/1/478822

Limitations

The exploit works on Microsoft SQL Server 2005 SP2 on Windows 2000 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows 2000
