Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability

Reportedly, these issues may be exploited with the publically available Spike tool, available at the following URL:

http://www.immunitysec.com/spike.html

Additionally, a proof-of-concept NASL script has been released.

Exploit code (mssql2000_preauthentication.pm) has been released as part of the Metasploit Framework.

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


 

Privacy Statement
Copyright 2010, SecurityFocus