Vulnerability in Server Service Could Allow Remote Code Execution (917159)

Vulnerability publication date: 2006/07/12.

Summary: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges.

In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attacker to obtain portions of the memory of the remote host.

Risk factor: High / CVSS Base Score: 7.5

CVE identifier: CVE-2006-1314, CVE-2006-1315.

Solution: A fix is published in Microsoft Security Bulletin MS06-035.

Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687)

Vulnerability publication date: 2008/09/14.

Summary: It is possible to crash the remote host due to a flaw in SMB.

Description: The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.

Risk factor: Critical / CVSS Base Score: 10.0

CVE identifier: CVE-2008-4834, CVE-2008-4835, CVE-2008-4114.

Solution: A fix is published in Microsoft Security Bulletin MS09-001.

Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644)

Vulnerability publication date: 2008/10/23.

Summary: Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

Description: The remote host is vulnerable to a buffer overrun in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'System' privileges.

Risk factor: Critical / CVSS Base Score: 10.0

CVE identifier: CVE-2008-4250.

Solution: A fix is published in Microsoft Security Bulletin MS08-067.

Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Publication date: 2008/12/10. Vulnerability type: Remote code execution.

Description: Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

Risk factor: CVSS Base Score: 9.0. CVE identifier: CVE-2008-5416.

Solution: A fix is published in Microsoft Security Bulletin MS08-040 (KB948110).

Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability

Publication date: 2008/09/16. Vulnerability type: Buffer overflow.

Description: Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

Risk factor: CVSS Base Score: 7.6. CVE identifier: CVE-2008-4110.

Solution: None available.

SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)

Publication date: 2002/05/16. Vulnerability type: Remote code execution.

Description: Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

Risk factor: CVSS Base Score: 7.5. CVE identifier: CVE-2002-0154.

Solution: A fix is published in Microsoft Security Bulletin MS02-020.

Malformed RPC Request Can Cause Service Failure

Publication date: 2001/09/20. Vulnerability type: Denial of service.

Description: Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

Risk factor: CVSS Base Score: 5.0. CVE identifier: CVE-2001-0509.

Solution: A fix is published in Microsoft Security Bulletin MS01-041.
