Remote Code Execution Vulnerability in Microsoft SQL Server - MS09-004ID: oval:org.secpod.oval:def:2618 | Date: (C)2011-10-27 (M)2022-10-10 |
Class: PATCH | Family: windows |
The host is missing a important security update according to Microsoft security bulletin, MS09-004. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft SQL Server, which fails to validate input parameters passed to an extended stored procedure. Successful exploitation allows an attacker to execute arbitrary code or take complete control of an affected system.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Product: |
Microsoft SQL Server 2000 |
Microsoft SQL Server 2005 |
Microsoft SQL Server 2000 Desktop Engine (WMSDE) |
Windows Internal Database (WYukon) |