1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS SQL Server SQLDMO Activex BO

HTTP MS SQL Server SQLDMO Activex BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in a Microsoft SQL Server ActiveX control.

Additional Information

Microsoft SQL Server is an implementation of an SQL relational database developed by Microsoft. It is commercially available for Microsoft Windows.

Microsoft SQL Server 'sqldmo.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when passing excessive amounts of data to the 'Start()' method.

This issue occurs in the ActiveX control with CLSID: 10020200-E260-11CF-AE68-00AA004A34D5.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Affected

  • Microsoft SQL Server 2005 SP2
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube