Oval Definition: oval:org.mitre.oval:def:13785
Revision Date: 2013-10-07
Version: 9
Title: Buffer Overrun Vulnerability in SQL Server
Description: Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2008-0106
Platform(s):
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s): Microsoft SQL Server 2005
Definition Synopsis
SQL Server 2005 SP2 - GDR
  Check for SQL server 2005 SP2 and Vulnerable sqlservr.exe
    Microsoft SQL Server 2005 SP2 is installed
    AND
    The version of Sqlservr.exe is greater than or equal to 2005.90.3042.0
    AND
    Check if version of Sqlservr.exe is less than 2005.90.3068.0
  OR
  Check for SQL server 2005 SP2 and Vulnerable msdtssrvr.exe
    Microsoft SQL Server 2005 is installed
    AND
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
    AND
    Check if version of Msdtssrvr.exe is less than 9.0.3068.0
    AND
    The version of Msdtssrvr.exe is greater than or equal to 9.0.3042.0
OR
SQL Server 2005 SP2 - QFE
  Check for SQL server 2005 SP2 and Vulnerable sqlservr.exe
    Microsoft SQL Server 2005 SP2 is installed
    AND
    The version of Sqlservr.exe is greater than or equal to 2005.90.3150.0
    AND
    Check if version of Sqlservr.exe is less than 2005.90.3233.0
  OR
  Check for SQL server 2005 SP2 and Vulnerable msdtssrvr.exe
    Microsoft SQL Server 2005 is installed
    AND
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
    AND
    Check if version of Msdtssrvr.exe is less than 9.0.3233.0
    AND
    The version of Msdtssrvr.exe is greater than or equal to 9.0.3150.0