Summary
The plugin attempts a smb connection to read version from the registry key
SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion to determine the Version of SQL and Service Pack the host is running.
Some versions may allow remote access, denial of service attacks, and the ability of a hacker to run code of their choice.
Solution
Apply current service packs and hotfixes
Severity
Classification
-
CVE CVE-2000-0202, CVE-2000-0485, CVE-2000-1081, CVE-2000-1087, CVE-2000-1088, CVE-2001-0344, CVE-2001-0542, CVE-2002-0982 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Computer Associates WebScan ActiveX Control Multiple Remote Code Execution Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)
- Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
- Microsoft's SQL Blank Password
- Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability