CVE-2005-2572 - MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysq

CVE-2005-2572

Summary

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.

References

Vulnerable Configurations

cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*

CVSS

Base:	8.5 (as of 17-12-2019 - 17:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:S/C:C/I:C/A:C

refmap via4

bid	62358
bugtraq	20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions
hp	HPSBPV02918 SSRT101272
misc	http://www.appsecinc.com/resources/alerts/mysql/2005-003.html
sectrack	1029010
secunia	54788
xf	mysql-loadlibraryex-dos(21756)

Last major update

17-12-2019 - 17:14

Published

16-08-2005 - 04:00

Last modified

17-12-2019 - 17:14