Unpatched MS SQL Server vulnerability being exploited

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

Microsoft has confirmed a code execution type vulnerability in Microsoft SQL Server affecting to versions
-SQL Server 2000 SP4
-SQL Server 2005 SP2
-SQL Server 2000 Desktop Engine (MSDE 2000) SP4
-SQL Server 2000 Desktop Engine (WMSDE), and
-Windows Internal Database (WYukon) SP2.

MS Security Advisory #961040 is located at
http://www.microsoft.com/technet/security/advisory/961040.mspx

It appears that this sp_replwritetovarbin extended stored procedure issue is related to finding of SEC Consult.

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.