Published: 11/09/2007 Updated: 15/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote malicious users to execute arbitrary code via a long second argument to the Start method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft sql server 2005

<!-- + title: Microsoft SQL Server Distributed Management Objects Buffer Overflow + Critical: Critical (remote) + Impact: MS Internet Explorer 6 -> Code Execute + Tested Operating System: Windows XP SP2 KR, Windows 2000 Pro SP4 KR + Tested Software: MSDE 2000 SQLDMOdll (version 2000807600) + Reference & Thanks : code by rgod ht ...

<!-- 1848 01/09/2007 Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmodll) remote buffer overflow poc file version: 2000085200400 product version: 8052004 passing some fuzzy chars to Start method: EAX 00000000 ECX 00620062 EDX 00620062 EBX 1C3A3638 SQLDMO1C3A3638 ESP 0013D87C EBP 0013DAA8 E ...

CWE-119 http://retrogod.altervista.org/microsoft_sqldmo.html http://www.securityfocus.com/bid/25594 http://www.osvdb.org/38399 http://securityreason.com/securityalert/3112 https://exchange.xforce.ibmcloud.com/vulnerabilities/36509 https://www.exploit-db.com/exploits/4398 https://www.exploit-db.com/exploits/4379 http://www.securityfocus.com/archive/1/478822/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/4398/

CVE-2007-4814

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect