Search criteria
78 vulnerabilities found for data_engine by microsoft
FKIE_CVE-2008-0086
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | sql_server_express_edition | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funci\u00f3n convert en SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4 y 2000 Desktop Engine (WMSDE), de Microsoft, permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de una expresi\u00f3n SQL dise\u00f1ada."
}
],
"id": "CVE-2008-0086",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0107
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | wmsde | 2000 | |
| microsoft | wyukon | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | wmsde | 2000 | |
| microsoft | wyukon | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | wyukon | * | |
| microsoft | wyukon | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*",
"matchCriteriaId": "8F78E205-376E-42AF-A7BF-53A2FA971005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "412A3365-9AB3-4EA5-85B6-63F3D76325C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*",
"matchCriteriaId": "96106DF3-05B0-4ABE-B34D-8A4748F89D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "FD176461-5B49-497B-B7BE-79C91CCF5FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:*",
"matchCriteriaId": "DCC460F8-8006-4463-ADD6-C32DEAF28216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*",
"matchCriteriaId": "4003E7DB-CC5F-4775-9374-B9E8B81970C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9587D8FD-01AC-4DE5-8B1D-5EE9B7BC5E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C4037FF7-C7C3-4ABF-BB86-E5517A52EFE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9587D8FD-01AC-4DE5-8B1D-5EE9B7BC5E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "0BEE38BD-C7FC-4529-B074-67280DC3F455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C4037FF7-C7C3-4ABF-BB86-E5517A52EFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "0BEE38BD-C7FC-4529-B074-67280DC3F455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka \"SQL Server Memory Corruption Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento inferior de enteros en SQL Server versiones 7.0 SP4, 2000 SP4, 2005 SP1 y SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 y SP2 y 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) versi\u00f3n 1.0 SP4; y Internal Database (WYukon) SP2, permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de un (1) SMB o (2) pathname de WebDAV para un archivo en disco (tambi\u00e9n se conoce como archivo de copia de seguridad almacenada) con un valor de tama\u00f1o de registro creado, que desencadena un desbordamiento de b\u00fafer basado en la regi\u00f3n heap de la memoria, tambi\u00e9n se conoce como \"SQL Server Memory Corruption Vulnerability\""
}
],
"id": "CVE-2008-0107",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/30119"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0106
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | sql_server_express_edition | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en SQL Server 2005 SP1 y SP2, y 2005 Express Edition SP1 y SP2, de Microsoft, permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de una sentencia insert dise\u00f1ada."
}
],
"id": "CVE-2008-0106",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0085
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | wmsde | 2000 | |
| microsoft | wyukon | * | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_2003_server | - | |
| microsoft | wmsde | 2000 | |
| microsoft | wyukon | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:itanium:*",
"matchCriteriaId": "0BB71613-4B60-4866-BC95-574A7AED05B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*",
"matchCriteriaId": "412A3365-9AB3-4EA5-85B6-63F3D76325C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "A5AF127A-9B09-459E-97D8-F175A5238244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "733042B2-3B85-4DE2-B575-69CB335BAF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*",
"matchCriteriaId": "96106DF3-05B0-4ABE-B34D-8A4748F89D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:itanium:*",
"matchCriteriaId": "A75752D4-77FB-424D-B7C3-93C011B425AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "A1EAEEB8-F177-4427-B524-7DCF72061C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*",
"matchCriteriaId": "4003E7DB-CC5F-4775-9374-B9E8B81970C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9587D8FD-01AC-4DE5-8B1D-5EE9B7BC5E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C4037FF7-C7C3-4ABF-BB86-E5517A52EFE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9587D8FD-01AC-4DE5-8B1D-5EE9B7BC5E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "53B85948-15D2-4528-9AE8-80F580F651C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse."
},
{
"lang": "es",
"value": "SQL Server versiones 7.0 SP4, 2000 SP4, 2005 SP1 y SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 y SP2, y 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) versi\u00f3n 1.0 SP4; y Internal Database (WYukon) SP2, no inicializa las p\u00e1ginas de memoria al reasignar memoria, lo que permite a los operadores de bases de datos conseguir informaci\u00f3n confidencial (contenido de base de datos) mediante vectores desconocidos relacionados con la reutilizaci\u00f3n de p\u00e1ginas de memoria."
}
],
"id": "CVE-2008-0085",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0230
Vulnerability from fkie_nvd - Published: 2003-08-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AB95D7-394E-423B-884C-87A9960682EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4355BA3D-B985-4DC7-AD9D-21B64652CC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D590A237-1587-4FF2-BEEA-F96B1C08F84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B004F338-1C8E-4283-8823-1A16A291FCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"matchCriteriaId": "D96CDDDA-2ECE-4327-801C-735A98DD7D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4E3ED68C-FBA1-45D8-8A26-BD327DDA2DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"matchCriteriaId": "557136FE-E5D5-467E-96ED-4C45682DA767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
},
{
"lang": "es",
"value": "Microsoft SQL Server 7, 2000, y MSDE permite a usuarios locales ganar privilegios secuestrando una tuber\u00eda con nombre (named pipe) de otro usuario, llamada vulnerabilidad de \"Secuestro de Tuber\u00eda con Nombre\"."
}
],
"id": "CVE-2003-0230",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0232
Vulnerability from fkie_nvd - Published: 2003-08-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AB95D7-394E-423B-884C-87A9960682EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4355BA3D-B985-4DC7-AD9D-21B64652CC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D590A237-1587-4FF2-BEEA-F96B1C08F84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B004F338-1C8E-4283-8823-1A16A291FCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"matchCriteriaId": "D96CDDDA-2ECE-4327-801C-735A98DD7D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4E3ED68C-FBA1-45D8-8A26-BD327DDA2DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"matchCriteriaId": "557136FE-E5D5-467E-96ED-4C45682DA767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
},
{
"lang": "es",
"value": "Microsoft SQL Server 7, 2000 y MSDE permite a usuarios locales ejecutar c\u00f3digo arbitrario mediante una cierta petici\u00f3n al puerto de llamadas de procedimiento local (LPC - Local Procedure Calls) que conduce a un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2003-0232",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-0231
Vulnerability from fkie_nvd - Published: 2003-08-27 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AB95D7-394E-423B-884C-87A9960682EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4355BA3D-B985-4DC7-AD9D-21B64652CC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D590A237-1587-4FF2-BEEA-F96B1C08F84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B004F338-1C8E-4283-8823-1A16A291FCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"matchCriteriaId": "D96CDDDA-2ECE-4327-801C-735A98DD7D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4E3ED68C-FBA1-45D8-8A26-BD327DDA2DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"matchCriteriaId": "557136FE-E5D5-467E-96ED-4C45682DA767",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
},
{
"lang": "es",
"value": "Microsoft SQL Server 7, 2000 y MSDE permite a usurios locales o a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue) mediante un petici\u00f3n larga a una tuber\u00eda con nombre."
}
],
"id": "CVE-2003-0231",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1145
Vulnerability from fkie_nvd - Published: 2002-10-28 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | data_engine | 2000 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "51ABD323-BF3F-4825-8788-8FCD614E83E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AB95D7-394E-423B-884C-87A9960682EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4355BA3D-B985-4DC7-AD9D-21B64652CC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D590A237-1587-4FF2-BEEA-F96B1C08F84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B004F338-1C8E-4283-8823-1A16A291FCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
],
"id": "CVE-2002-1145",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5980"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-0106 (GCVE-0-2008-0106)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0106",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0086 (GCVE-0-2008-0086)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0086",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0085 (GCVE-0-2008-0085)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0085",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0107 (GCVE-0-2008-0107)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka \"SQL Server Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka \"SQL Server Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0107",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1138 (GCVE-0-2002-1138)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mssql-agent-create-files(10257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka \"Flaw in Output File Handling for Scheduled Jobs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mssql-agent-create-files(10257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka \"Flaw in Output File Handling for Scheduled Jobs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mssql-agent-create-files(10257)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1138",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1123 (GCVE-0-2002-1123)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the \"Hello\" overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the \"Hello\" overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1123",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-11T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1137 (GCVE-0-2002-1137)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a \"non-SQL OLEDB data source\" such as FoxPro, a variant of CAN-2002-0644."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a \"non-SQL OLEDB data source\" such as FoxPro, a variant of CAN-2002-0644."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"name": "http://www.scan-associates.net/papers/foxpro.txt",
"refsource": "MISC",
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1137",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0230 (GCVE-0-2003-0230)
Vulnerability from cvelistv5 – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/556356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0230",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0231 (GCVE-0-2003-0231)
Vulnerability from cvelistv5 – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "A072303-2",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "A072303-2",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A072303-2",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/918652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0231",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0232 (GCVE-0-2003-0232)
Vulnerability from cvelistv5 – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0232",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1145 (GCVE-0-2002-1145)
Vulnerability from cvelistv5 – Published: 2002-10-21 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5980"
},
{
"name": "http://www.nextgenss.com/advisories/mssql-webtasks.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1145",
"datePublished": "2002-10-21T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0106 (GCVE-0-2008-0106)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0106",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0086 (GCVE-0-2008-0086)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0086",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0085 (GCVE-0-2008-0085)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "oval:org.mitre.oval:def:14213",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0085",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0107 (GCVE-0-2008-0107)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI?
Summary
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka \"SQL Server Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka \"SQL Server Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "30119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30119"
},
{
"name": "oval:org.mitre.oval:def:13936",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-080709.1.htm"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0107",
"datePublished": "2008-07-08T23:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1138 (GCVE-0-2002-1138)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mssql-agent-create-files(10257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka \"Flaw in Output File Handling for Scheduled Jobs.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mssql-agent-create-files(10257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka \"Flaw in Output File Handling for Scheduled Jobs.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mssql-agent-create-files(10257)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10257.php"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1138",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1123 (GCVE-0-2002-1123)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the \"Hello\" overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the \"Hello\" overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020806 SPIKE 2.5 and associated vulns",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/286220"
},
{
"name": "5411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5411"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-preauth-bo(9788)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9788.php"
},
{
"name": "20020807 MS SQL Server Hello Overflow NASL script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102873609025020\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1123",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-11T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1137 (GCVE-0-2002-1137)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a \"non-SQL OLEDB data source\" such as FoxPro, a variant of CAN-2002-0644."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a \"non-SQL OLEDB data source\" such as FoxPro, a variant of CAN-2002-0644."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
},
{
"name": "http://www.scan-associates.net/papers/foxpro.txt",
"refsource": "MISC",
"url": "http://www.scan-associates.net/papers/foxpro.txt"
},
{
"name": "MS02-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056"
},
{
"name": "N-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-003.shtml"
},
{
"name": "mssql-dbcc-bo-variant(10255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10255"
},
{
"name": "5877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1137",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0230 (GCVE-0-2003-0230)
Vulnerability from nvd – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/556356"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "oval:org.mitre.oval:def:235",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235"
},
{
"name": "VU#556356",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/556356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0230",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0231 (GCVE-0-2003-0231)
Vulnerability from nvd – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "A072303-2",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "A072303-2",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/918652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A072303-2",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt"
},
{
"name": "oval:org.mitre.oval:def:299",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299"
},
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#918652",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/918652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0231",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0232 (GCVE-0-2003-0232)
Vulnerability from nvd – Published: 2003-07-25 04:00 – Updated: 2024-08-08 01:43
VLAI?
Summary
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS03-031",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-031",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
},
{
"name": "VU#584868",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584868"
},
{
"name": "oval:org.mitre.oval:def:303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
},
{
"name": "A072303-3",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0232",
"datePublished": "2003-07-25T04:00:00",
"dateReserved": "2003-04-30T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1145 (GCVE-0-2002-1145)
Vulnerability from nvd – Published: 2002-10-21 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5980"
},
{
"name": "http://www.nextgenss.com/advisories/mssql-webtasks.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
},
{
"name": "mssql-webtask-gain-privileges(10388)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10388.php"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103487044122900\u0026w=2"
},
{
"name": "MS02-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=103486356413404\u0026w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1145",
"datePublished": "2002-10-21T04:00:00",
"dateReserved": "2002-09-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}