Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

HTTP:SQL:INJ:CONVERT-INJ-OF

Severity

Major

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Microsoft SQL Server Injection Convert Parameter Overflow

Release Date

2008/07/14

Update Number

1213

Supported Platforms

di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Microsoft SQL Server Injection Convert Parameter Overflow


This signature detects attempts to exploit a known vulnerability in Microsoft's SQL Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Affected Products

  • Microsoft sql_server_2000 SP1
  • Microsoft sql_server_2000 SP2
  • Microsoft sql_server_2000 SP3
  • Microsoft sql_server_2000 SP4
  • Microsoft sql_server_2000
  • Microsoft sql_server_2000_desktop_engine SP1
  • Microsoft sql_server_2000_desktop_engine SP2
  • Microsoft sql_server_2000_desktop_engine SP3
  • Microsoft sql_server_2000_desktop_engine SP4
  • Microsoft sql_server_2000_desktop_engine
  • Microsoft sql_server_2000_itanium_edition SP1
  • Microsoft sql_server_2000_itanium_edition SP2
  • Microsoft sql_server_2000_itanium_edition SP3
  • Microsoft sql_server_2000_itanium_edition SP4
  • Microsoft sql_server_2000_itanium_edition
  • Microsoft windows_2000_advanced_server SP4
  • Microsoft windows_2000_datacenter_server SP4
  • Microsoft windows_2000_professional SP4
  • Microsoft windows_2000_server SP4
  • Vmware vcenter 4.0
  • Vmware vcenter 4.1
  • Vmware vcenter_update_manager 1.0
  • Vmware vcenter_update_manager 4.0
  • Vmware vcenter_update_manager 4.1
  • Vmware virtualcenter 2.5
  • Vmware virtualcenter 2.5 Update 1
  • Vmware virtualcenter 2.5 Update 2
  • Vmware virtualcenter 2.5.Update 3 Build 11983
  • Vmware virtualcenter 2.5 Update 4
  • Vmware virtualcenter 2.5 Update 5
  • Vmware virtualcenter 2.5 Update 6

References

  • CVE: CVE-2008-0086
  • URL: http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out