Vulnerability in SQL Server Could Allow Remote Code Execution
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the "Mitigating Factors," "Workarounds," and "Suggested Actions" sections of this security advisory.
Advisory Status: The issue is currently under investigation.
Recommendation: Review the suggested actions and configure as appropriate.
| References | Identification |
|
CVE Reference |
|
|
Microsoft Knowledge Base Article |
This advisory discusses the following software.
| Affected Software |
|
Microsoft SQL Server 2000 Service Pack 4 |
|
Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4 |
|
Microsoft SQL Server 2005 Service Pack 2 |
|
Microsoft SQL Server 2005 x64 Edition Service Pack 2 |
|
Microsoft SQL Server 2005 with SP2 for Itanium-based Systems |
|
Microsoft SQL Server 2005 Express Edition Service Pack 2 |
|
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2 |
|
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 |
|
Microsoft SQL Server 2000 Desktop Engine (WMSDE) |
|
Windows Internal Database (WYukon) Service Pack 2 |
| Non-Affected Software |
|
Microsoft SQL Server 7.0 Service Pack 4 |
|
Microsoft SQL Server 2005 Service Pack 3 |
|
Microsoft SQL Server 2005 x64 Edition Service Pack 3 |
|
Microsoft SQL Server 2005 with SP3 for Itanium-based Systems |
|
Microsoft SQL Server 2008 |
|
Microsoft SQL Server 2008 x64 Edition |
|
Microsoft SQL Server 2008 for Itanium-based Systems |
MS업데이트 링크 : http://www.microsoft.com/technet/security/advisory/961040.mspx
POC 관련 링크 : http://support.microsoft.com/kb/961040