Test ID:	1.3.6.1.4.1.25623.1.0.900125
Category:	Denial of Service
Title:	Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
Summary:	Microsoft SQL Server is prone to a buffer-overflow vulnerability.
Description:	Summary: Microsoft SQL Server is prone to a buffer-overflow vulnerability. Vulnerability Insight: Applications sqlvdir.dll ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when excessive amounts of data to the Control() method is passed. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code and failed attempts causes denial-of-service conditions. Affected Software/OS: Microsoft SQL Server 2000 SP4 and prior on Microsoft Windows (all). Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4110 BugTraq ID: 31129 http://www.securityfocus.com/bid/31129 Bugtraq: 20080911 sqlvdir.dll ActiveX Remote Buffer Overflow Exploit (Google Search) http://www.securityfocus.com/archive/1/496232/100/0/threaded http://securityreason.com/securityalert/4262 XForce ISS Database: mssql-sqlvdir-bo(45186) https://exchange.xforce.ibmcloud.com/vulnerabilities/45186
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.