CVE-2008-5416: CVE-2008-5416

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-5416

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft SQL Server sp_replwritetovarbin远程堆溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server的sp_replwritetovarbin扩展存储过程中存在堆溢出漏洞。如果远程攻击者在参数中提供了未初始化变量的话，就可以触发这个溢出，向可控的位置写入内存，导致以有漏洞SQL Server进程的权限执行任意代码。在默认的配置中，任何用户都可以访问sp_replwritetovarbin过程。通过认证的用户可以通过直接的数据库连接或SQL注入来利用这个漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-5416

#	POC Description	Source Link	Shenlong Link
1	Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection	https://github.com/SECFORCE/CVE-2008-5416	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-5416

Please Login to view more intelligence information

http://support.avaya.com/elmodocs2/security/ASA-2009-055.htmx_refsource_CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlx_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlx_refsource_CONFIRM
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txtx_refsource_MISC
http://www.microsoft.com/technet/security/advisory/961040.mspxx_refsource_CONFIRM
http://securityreason.com/securityalert/4706third-party-advisoryx_refsource_SREASON
https://www.exploit-db.com/exploits/7501exploitx_refsource_EXPLOIT-DB
http://osvdb.org/50917vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/32710vdb-entryx_refsource_BID
http://secunia.com/advisories/33034third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1021363vdb-entryx_refsource_SECTRACK
http://securitytracker.com/id?1021490vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-041A.htmlthird-party-advisoryx_refsource_CERT
http://www.kb.cert.org/vuls/id/696644third-party-advisoryx_refsource_CERT-VN
http://www.vupen.com/english/advisories/2008/3380vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6217vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/47182vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/499085/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.htmlmailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/516397/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/499042/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-5416

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-5416

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2008-5416

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-5416

III. Intelligence Information for CVE-2008-5416

IV. Related Vulnerabilities

V. Comments for CVE-2008-5416

Leave a comment