Microsoft's SQL Version Query Network Vulnerability

Summary

The plugin attempts a smb connection to read version from the registry key SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion to determine the Version of SQL and Service Pack the host is running. Some versions may allow remote access, denial of service attacks, and the ability of a hacker to run code of their choice.

Solution

Apply current service packs and hotfixes

Severity

Classification

CVE CVE-2000-0202, CVE-2000-0485, CVE-2000-1081, CVE-2000-1087, CVE-2000-1088, CVE-2001-0344, CVE-2001-0542, CVE-2002-0982

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
SMB Registry : XP Service Pack version
Opera skin zip file buffer overflow vulnerability
Microsoft's SQL Server Brute Force
Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)

Take action and discover your vulnerabilities