CVE-2007-4814
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
Desbordamiento de búfer en el control ActiveX SQLServer de la DLL Distributed Management Objects OLE (sqldmo.dll) 2000.085.2004.00 en Microsoft SQL Server Enterprise MAnager 8.05.2004 permite a atacantes remotos ejecutar código de su elección mediante un segundo argumento largo para el método Start.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-09-11 CVE Reserved
- 2007-09-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://retrogod.altervista.org/microsoft_sqldmo.html | X_refsource_misc | |
| http://securityreason.com/securityalert/3112 | Third Party Advisory | |
| http://www.osvdb.org/38399 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/478822/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36509 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4379 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/4398 | 2024-08-07 | |
| http://www.securityfocus.com/bid/25594 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp2 |
Affected
| ||||||