New Search

MS SQL Server 2000 Resolution Service Buffer Overflow

oval:org.mitre.oval:def:1077

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name or (2) a 0x08 byte with a long string causes heap corruption as exploited by the Slammer/Sapphire worm.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows NT
Class:
vulnerability
Reference(s):
  • CVE-2002-0649
Product(s):
  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2000 Desktop Engine (WMSDE)