HTTP: Microsoft SQL Server SQLXML-ASAPI Overflow
This signature detects attempts to exploit a known vulnerability against the SQLXML-ASAPI Extension in Microsoft SQL Server 2000. The SQLXML-ASAPI extension handles data queries over HTTP (SQLXML HTTP); attackers can connect to the target host and submit maliciously crafted data to create a buffer overflow.
Extended Description
SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML HTTP components reside in a virtual directory on a web server and are not enabled by default, SQLXML ISAPI extensions run with LocalSystem privileges. A buffer overflow issue has been discovered in the SQLXML ISAPI extension that handles data queries over HTTP(SQLXML HTTP). It is possible for a user to initiate the overflow by connecting to a host and submitting malformed data. This issue has been reported to exist in SQL Server 2000 Gold, other versions may be vulnerable as well.
Affected Products
Microsoft sql_server_2000
Short Name
HTTP:EXPLOIT:SQLXML-ISAPI-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2002-0186 Microsoft Overflow SQL SQLXML-ASAPI Server bid:5004
Release Date
10/16/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5