Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4814Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft SQL Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.5HIGHNVD
EPSS
53.6%
top 2.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft SQL Server
Timeline
PublishedSep 11
Latest updateMay 1

Description

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h593-56f6-7c6g: Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo2022-05-01
CVEList
CVE-2007-4814: Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo2007-09-11

💥Exploits & PoCs

2
Exploit-DB
Microsoft SQL Server - Distributed Management Objects Buffer Overflow2007-09-12
Exploit-DB
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)2007-09-08
CVE-2007-4814 — Microsoft SQL Server vulnerability | cvebase