Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability

Bugtraq ID: 32710
Class: Design Error
CVE: CVE-2008-4270
CVE-2008-5416
Remote: Yes
Local: No
Published: Dec 09 2008 12:00AM
Updated: Feb 11 2011 03:09PM
Credit: Bernhard Mueller
Vulnerable: VMWare VirtualCenter 2.5.Update 3 build 1
VMWare VirtualCenter 2.5 Update 6
VMWare VirtualCenter 2.5 Update 5
VMWare VirtualCenter 2.5 Update 4
VMWare VirtualCenter 2.5 Update 2
VMWare VirtualCenter 2.5 Update 1
VMWare VirtualCenter 2.5
VMWare Vcenter Update Manager 4.1
VMWare Vcenter Update Manager 4.0
VMWare Vcenter Update Manager 1.0
VMWare vCenter 4.1
VMWare vCenter 4.0
Microsoft Windows Internal Database (WYukon) x64 SP2
Microsoft Windows Internal Database (WYukon) x64 SP1
Microsoft Windows Internal Database (WYukon) x64 0
Microsoft Windows Internal Database (WYukon) SP2
Microsoft Windows Internal Database (WYukon) SP1
Microsoft Windows Internal Database (WYukon) 0
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft SQL Server 2005 Upgrade Advisor 9.0.2407 .00
Microsoft SQL Server 2005 Tools 9.0.1399 .06
Microsoft SQL Server 2005 Reporting Services 9.0.1399 .06
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2005 Itanium Edition 0
Microsoft SQL Server 2005 Integration Services 9.1.2047 .00
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1
Microsoft SQL Server 2005 Express Edition SP2
Microsoft SQL Server 2005 Express Edition SP1
Microsoft SQL Server 2005 Express Edition 0
Microsoft SQL Server 2005 Books Online 9.0.1399 .06
Microsoft SQL Server 2005 Backward Compatibility 8.5.1054
Microsoft SQL Server 2005 Yukon
Microsoft SQL Server 2005 SP2
Microsoft SQL Server 2005 SP1
Microsoft SQL Server 2005 0
Microsoft SQL Server 2000 Itanium Edition SP4
Microsoft SQL Server 2000 Itanium Edition SP3
Microsoft SQL Server 2000 Itanium Edition SP2
Microsoft SQL Server 2000 Itanium Edition SP1
Microsoft SQL Server 2000 Itanium Edition 0
Microsoft SQL Server 2000 Desktop Engine SP4
Microsoft SQL Server 2000 Desktop Engine SP3
Microsoft SQL Server 2000 Desktop Engine SP2
Microsoft SQL Server 2000 Desktop Engine SP1
Microsoft SQL Server 2000 Desktop Engine 0
Microsoft SQL Server 2000 Desktop Engine
+ Akiva WebBoard 6.1
+ Microsoft Access 2000
+ Microsoft Application Center 2000
+ Microsoft BizTalk Server 2000 Developer Edition
+ Microsoft BizTalk Server 2000 Enterprise Edition
+ Microsoft BizTalk Server 2000 Standard Edition
+ Microsoft BizTalk Server 2002 Developer Edition
+ Microsoft BizTalk Server 2002 Enterprise Edition
+ Microsoft Office 2000
+ Microsoft Project Central Server
+ Microsoft SharePoint Team Services from Microsoft
+ Microsoft Visio 2000 Enterprise Edition
+ Microsoft Visio Enterprise Network Tools
+ Microsoft Visual FoxPro 6.0
+ Microsoft Visual Studio 6.0
+ Microsoft Visual Studio .NET Academic Edition 0
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition
+ Microsoft Visual Studio .NET Professional Edition
+ SmartMax Software MailMax 5.0
+ Veritas Software Backup Exec for Windows Servers 9.0
Microsoft SQL Server 2000 8.0.194
Microsoft SQL Server 2000 SP4
Microsoft SQL Server 2000 SP3a
Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
Microsoft SQL Server 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0
Not Vulnerable: VMWare Vcenter Update Manager 4.1 Update 1
VMWare vCenter 4.1 Update 1
Microsoft SQL Server 2005 x64 Edition SP3
Microsoft SQL Server 2005 Itanium Edition SP3
Microsoft SQL Server 2005 SP3


 

Privacy Statement
Copyright 2010, SecurityFocus