oval:org.mitre.oval:def:1077

Definition Id: oval:org.mitre.oval:def:1077

Oval ID:	oval:org.mitre.oval:def:1077
Title:	MS SQL Server 2000 Resolution Service Buffer Overflow
Description:	Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-0649	Version:	5
Platform(s):	Microsoft Windows NT	Product(s):	Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Definition Synopsis:
SQL Server 2000 installed AND the version of sqlservr.exe is less than 2000.80.636.0 AND the version of ssnetlib.dll is less than 2000.80.636.0