Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0085

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0085
Last Modified 26 Jan 2012 10:21:23
Published 08 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0085

Summary

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2008

Application

  • Microsoft Data Engine 1.0

  • Microsoft Sql Server 2000

  • Microsoft Sql Server 2005

  • Microsoft Sql Server 7.0

  • Microsoft Sql Server Desktop Engine 2000

  • Microsoft Wmsde 2000

  • Microsoft Wyukon


References

CERT - TA08-190A

MS - MS08-040

VUPEN - ADV-2008-2022

CONFIRM - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

SECTRACK - 1020441

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

SECUNIA - 30970


Last Updated: 27 May 2016 10:46:40