VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1560

CVE-2004-1560

Description

A long request to TCP port 1433 triggers a buffer overflow in Microsoft SQL Server 7.0, causing a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A long request to TCP port 1433 triggers a buffer overflow in Microsoft SQL Server 7.0, causing a denial of service.

Vulnerability

Microsoft SQL Server 7.0 (all service packs from SP0 to SP3) contains a buffer overflow vulnerability when processing a specially crafted long request sent to TCP port 1433. The overflow causes an access violation (exception code c0000005) and halts the mssqlserver service [1].

Exploitation

An attacker can exploit this remotely by sending a large buffer (approximately 700,000 bytes) filled with a specific pattern to port 1433. No authentication is required; the attacker only needs network connectivity to the target SQL Server. The exploit code provided in the advisory demonstrates the attack [1].

Impact

Successful exploitation results in a denial of service: the mssqlserver service stops responding, causing loss of database availability. The crash is due to a buffer overflow, but the advisory does not indicate code execution [1].

Mitigation

No official patch was released for this vulnerability. Microsoft SQL Server 7.0 is end-of-life and no longer supported. Users should upgrade to a supported version of SQL Server (e.g., SQL Server 2000 or later) to mitigate this and other unpatched vulnerabilities.

References
  1. 'MSSQL 7.0 DoS' - MARC

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Microsoft/SQL Server6 versions
    cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
    • (no CPE)range: = 7.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

6

News mentions

0

No linked articles in our index yet.