Summary
The remote MS SQL server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content.
*** This alert might be a false positive.
Solution
Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb
en-us
Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the MS SQL port (1433).
Severity
Classification
-
CVE CVE-2002-1123 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
- Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
- Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
- Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
- Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability