CVE-2007-4814

Summary

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.

Impact & exploitability

AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://retrogod.altervista.org/microsoft_sqldmo.html
• http://securityreason.com/securityalert/3112
• http://www.osvdb.org/38399
• http://www.securityfocus.com/archive/1/478822/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36509
• https://www.exploit-db.com/exploits/4379
• https://www.exploit-db.com/exploits/4398
• http://www.securityfocus.com/bid/25594Exploit