New Search

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution

oval:org.mitre.oval:def:16960

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28 and MariaDB 5.5.28a and possibly other versions allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code as demonstrated using certain variations of the (1) USE (2) SHOW TABLES (3) DESCRIBE (4) SHOW FIELDS FROM (5) SHOW COLUMNS FROM (6) SHOW INDEX FROM (7) CREATE TABLE (8) DROP TABLE (9) ALTER TABLE (10) DELETE FROM (11) UPDATE and (12) SET PASSWORD commands.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
  • Microsoft Windows 7
  • Microsoft Windows 2000
  • Microsoft Windows Vista
  • Microsoft Windows 8
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
Class:
vulnerability
Reference(s):
  • CVE-2012-5612
Product(s):
  • MySQL Server 5.5