CVE-2008-5416
Microsoft SQL Server <9.00.1399.06 - Buffer Overflow
Title source: llmDescription
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
Exploits (6)
metasploit
WORKING POC
GOOD
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16396
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16392
metasploit
WORKING POC
EXCELLENT
by jduck, Rodrigo Marcos · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb
exploitdb
WORKING POC
VERIFIED
by Guido Landi · localwindows
https://www.exploit-db.com/exploits/7501
References (22)
... and 2 more
Scores
EPSS
0.8790
EPSS Percentile
99.5%
Classification
CWE
CWE-119
Status
draft
Affected Products (2)
microsoft/sql_server
microsoft/sql_server
Timeline
Published
Dec 10, 2008
Tracked Since
Feb 18, 2026