Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2008-5416 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft SQL Server
Severity
9.0CRITICALNVD
EPSS
87.9%
top 0.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedDec 10
Latest updateMay 14
Description
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invali…
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0
Affected Packages1 packages
🔴Vulnerability Details
2💥Exploits & PoCs
3Exploit-DB▶
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)↗2011-02-08
Exploit-DB
▶