Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0106

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-0106
Last Modified 26 Jan 2012 10:21:26
Published 08 Jul 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-0106

Summary

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

Vulnerable Systems

Application

  • Microsoft Data Engine 1.0

  • Microsoft Sql Server 2000

  • Microsoft Sql Server 2005

  • Microsoft Sql Server 7.0

  • Microsoft Sql Server Desktop Engine 2000

  • Microsoft Sql Server Express Edition 2005


References

CERT - TA08-190A

VUPEN - ADV-2008-2022

CONFIRM - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

SECTRACK - 1020441

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

BUGTRAQ - 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

MS - MS08-040

SECUNIA - 30970


Last Updated: 27 May 2016 10:46:40