Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0086

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-0086
Last Modified 26 Jan 2012 10:21:23
Published 08 Jul 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-0086

Summary

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

Vulnerable Systems

Application

  • Microsoft Data Engine 1.0

  • Microsoft Sql Server 2000

  • Microsoft Sql Server 2005

  • Microsoft Sql Server 7.0

  • Microsoft Sql Server Desktop Engine 2000

  • Microsoft Sql Server Express Edition 2005


References

CERT - TA08-190A

VUPEN - ADV-2008-2022

CONFIRM - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

SECTRACK - 1020441

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

BUGTRAQ - 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

MS - MS08-040

SECUNIA - 30970


Last Updated: 27 May 2016 10:46:40