Microsoft SQL Server Distributed Management Objects buffer overflow

2007-10-11T00:00:00
ID SAINT:F28B5A24E1F8C3D543C46473D3D45AB8
Type saint
Reporter SAINT Corporation
Modified 2007-10-11T00:00:00

Description

Added: 10/11/2007
CVE: CVE-2007-4814
BID: 25594
OSVDB: 38399

Background

Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the **sqldmo.dll** ActiveX control.

Problem

A buffer overflow vulnerability in the **sqldmo.dll** ActiveX control allows command execution when a user opens a web page that calls the control's Start method with a long, specially crafted argument.

Resolution

Set the kill bit for Class ID 10020200-E260-11CF-AE68-00AA004A34D5 as described in Microsoft Knowledge Base Article 240797.

References

<http://www.securityfocus.com/archive/1/478822>

Limitations

The exploit works on Microsoft SQL Server 2005 SP2 on Windows 2000 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows 2000