The skinny: apparently back in April, SEC Consult notified the MSFT team of a vulnerability in the sp_replwritetovarbin system stored procedure. Microsoft has thus far declined to create a patch and so, for whatever reason, SEC Consult decided to release the vulnerability publicly. You can view the scripts to reproduce...