CVE-2005-0441

Name of the Vulnerable Software and Affected Versions Sybase Adaptive Server Enterprise (ASE) versions prior to 12.5.3 ESD#1

Description The issue allows remote authenticated users to execute arbitrary code via several vulnerable functions, including the attrib valid function, covert function, declare statement, or a crafted query plan. Additionally, remote authenticated users with database owner or "sa" role privileges can execute arbitrary code via a crafted install java statement.

Recommendations For versions prior to 12.5.3 ESD#1, update to version 12.5.3 ESD#1 or later to resolve the issue. As a temporary workaround, consider restricting access to the attrib valid function, covert function, declare statement, and install java statement to minimize the risk of exploitation.