Vulnerability Note VU#696644
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server.
Some versions of Microsoft SQL Server contain a vulnerability in the sp_replwritetovarbin stored procedure. The vulnerability could allow an attacker to modify heap memory and potentially execute arbitrary code. The vulnerability is described in SEC Consult Security Advisory <20081209-0>. Microsoft Security Bulletin MS09-004 provides further details, including affected database versions and workarounds.
In order to access sp_replwritetovarbin, an attacker would need to authenticate to the database first. A separate SQL injection vulnerability in a web application could allow a remote, unauthenticated attacker to exploit the sp_replwritetovarbin vulnerability with the user credentials of the web application. Microsoft Security Advisory (954462) provides detection and mitigation advice for SQL injection vulnerabilities.
A local or remote authenticated attacker may be able to execute arbitrary code with the privileges of the SQL Server on the affected system. In the case of a SQL injection vulnerability in a web application that uses a vulnerable database, a remote attacker may be able to exploit the sp_replwritetovarbin vulnerability with credentials of the web application.
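When the procedure is reached through a web application, its name appears in the request data. The following Python sketch is an added example, not part of the original note or of Microsoft's advisories: it flags access-log lines that reference sp_replwritetovarbin after undoing layered URL encoding and case changes. The log format, client addresses and request paths are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Procedure named in VU#696644; matched as a whole identifier, case-insensitively.
_PROC_RE = re.compile(r"\bsp_replwritetovarbin\b")

def normalize(text, max_rounds=3):
    """Undo up to max_rounds layers of URL encoding, then lower-case."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:      # nothing left to decode
            break
        text = decoded
    return text.lower()

def references_proc(text):
    """True if the normalized text names the procedure."""
    return _PROC_RE.search(normalize(text)) is not None

def scan(lines):
    """Return (line_number, client) for every log line that names the procedure."""
    hits = []
    for number, line in enumerate(lines, 1):
        if references_proc(line):
            hits.append((number, line.split(" ", 1)[0]))
    return hits

# Constructed sample log lines (documentation address ranges, arguments elided).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2009:10:00:01 +0000] '
    '"GET /catalog.asp?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2009:10:00:05 +0000] '
    '"GET /catalog.asp?id=42;EXEC+master..SP_ReplWriteToVarBin+ARGS_ELIDED HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Feb/2009:10:00:09 +0000] '
    '"GET /catalog.asp?id=42%253Bexec%2520sp%255Freplwritetovarbin%2520ARGS_ELIDED HTTP/1.1" 500 312',
    '203.0.113.5 - - [10/Feb/2009:10:01:00 +0000] '
    '"GET /search.asp?q=replication+docs HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, client in scan(SAMPLE_LOG):
        print(f"line {number}: {client} referenced sp_replwritetovarbin")
```

Access logs record query strings only for GET requests; the same `references_proc` check can be run over database-side statement traces where those are collected.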
Apply an update
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | 19 Dec 2008 | 10 Feb 2009 |
This vulnerability was reported by Bernhard Mueller of SEC Consult Vulnerability Lab.
This document was written by Chad R Dougherty and Art Manion.
- CVE IDs: CVE-2008-5416
- US-CERT Alert: TA09-041A
- Date Public: 09 Dec 2008
- Date First Published: 24 Dec 2008
- Date Last Updated: 10 Feb 2009
- Severity Metric: 4.45
- Document Revision: 18