SQL Server Password Changer Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in SQL Server Password Changer version 1.90. This vulnerability allows local attackers to cause a denial-of-service condition by crashing the application with an oversized payload. Specifically, injecting 6000 bytes of data into the User Name and Registration Code fields triggers the crash.

Impact

Exploitation of this vulnerability causes the application to crash, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by writing a payload of 6000 bytes into a text file. This file's contents are then copied to the clipboard and pasted into the User Name and Registration Code fields of SQL Server Password Changer 1.90. After clicking 'OK', the application will crash.
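A defensive sketch of the missing check, as an added example rather than code from the product or from this advisory: both fields are length-checked before anything is copied into fixed-size storage, and oversized input is rejected instead of crashing the process. The page does not disclose the root cause or buffer sizes, so the capacities and all names here (`registration_t`, `registration_set`, `bounded_copy`) are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed capacities; the product's real buffer sizes are not on the page. */
#define USER_NAME_CAP 64
#define REG_CODE_CAP  64

typedef struct {
    char user_name[USER_NAME_CAP];
    char reg_code[REG_CODE_CAP];
} registration_t;

typedef enum {
    REG_OK = 0,
    REG_ERR_NULL,
    REG_ERR_USER_NAME_TOO_LONG,
    REG_ERR_REG_CODE_TOO_LONG
} reg_status_t;

/* Copy src into dst only if it fits together with its terminator.
   memchr looks at no more than cap bytes, so a 6000-byte paste is
   detected after cap bytes without scanning the whole payload. */
static int bounded_copy(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(src, '\0', cap);
    if (end == NULL)
        return -1;                  /* would not fit: reject, never truncate */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Validate both untrusted fields; *out changes only if both are accepted. */
reg_status_t registration_set(registration_t *out,
                              const char *user_name, const char *reg_code)
{
    registration_t tmp = {0};       /* scratch copy keeps failure side-effect free */
    if (!out || !user_name || !reg_code)
        return REG_ERR_NULL;
    if (bounded_copy(tmp.user_name, sizeof tmp.user_name, user_name) != 0)
        return REG_ERR_USER_NAME_TOO_LONG;
    if (bounded_copy(tmp.reg_code, sizeof tmp.reg_code, reg_code) != 0)
        return REG_ERR_REG_CODE_TOO_LONG;
    *out = tmp;
    return REG_OK;
}
```

In a GUI application the same limit can also be enforced on the edit controls themselves, but the check at the copy site is the one that prevents the overflow.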

Added: Mar 11, 2026, 7:36 PM
Updated: Mar 11, 2026, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.