Vulnerability in SQL Server Could Allow Remote Code Execution

 

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the "Mitigating Factors," "Workarounds," and "Suggested Actions" sections of this security advisory.

Advisory Status: The issue is currently under investigation.

Recommendation: Review the suggested actions and configure as appropriate.

 

References / Identification

CVE Reference: CVE-2008-4270

Microsoft Knowledge Base Article: 961040


This advisory discusses the following software.

Affected Software

Microsoft SQL Server 2000 Service Pack 4

Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4

Microsoft SQL Server 2005 Service Pack 2

Microsoft SQL Server 2005 x64 Edition Service Pack 2

Microsoft SQL Server 2005 with SP2 for Itanium-based Systems

Microsoft SQL Server 2005 Express Edition Service Pack 2

Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2

Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4

Microsoft SQL Server 2000 Desktop Engine (WMSDE)

Windows Internal Database (WYukon) Service Pack 2

Non-Affected Software

Microsoft SQL Server 7.0 Service Pack 4

Microsoft SQL Server 2005 Service Pack 3

Microsoft SQL Server 2005 x64 Edition Service Pack 3

Microsoft SQL Server 2005 with SP3 for Itanium-based Systems

Microsoft SQL Server 2008

Microsoft SQL Server 2008 x64 Edition

Microsoft SQL Server 2008 for Itanium-based Systems


MS update link: http://www.microsoft.com/technet/security/advisory/961040.mspx

POC-related link: http://support.microsoft.com/kb/961040

2009/05/25 13:50
