Vulnerabilites related to microsoft - sql_server_express_edition
cve-2008-0106
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 07:32
Severity ?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:32:24.100Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1020441",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020441",
               },
               {
                  name: "30970",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30970",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
               },
               {
                  name: "ADV-2008-2022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2022/references",
               },
               {
                  name: "MS08-040",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
               },
               {
                  name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
               },
               {
                  name: "TA08-190A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
               },
               {
                  name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
               },
               {
                  name: "oval:org.mitre.oval:def:13785",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-07-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "1020441",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020441",
            },
            {
               name: "30970",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30970",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
            },
            {
               name: "ADV-2008-2022",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2022/references",
            },
            {
               name: "MS08-040",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
            },
            {
               name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            },
            {
               name: "TA08-190A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
            },
            {
               name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            },
            {
               name: "oval:org.mitre.oval:def:13785",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2008-0106",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1020441",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020441",
                  },
                  {
                     name: "30970",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30970",
                  },
                  {
                     name: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
                  },
                  {
                     name: "ADV-2008-2022",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2022/references",
                  },
                  {
                     name: "MS08-040",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
                  },
                  {
                     name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
                  },
                  {
                     name: "TA08-190A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
                  },
                  {
                     name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
                  },
                  {
                     name: "oval:org.mitre.oval:def:13785",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2008-0106",
      datePublished: "2008-07-08T23:00:00",
      dateReserved: "2008-01-07T00:00:00",
      dateUpdated: "2024-08-07T07:32:24.100Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-0086
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 07:32
Severity ?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:32:23.907Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1020441",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020441",
               },
               {
                  name: "oval:org.mitre.oval:def:14052",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052",
               },
               {
                  name: "30970",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30970",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
               },
               {
                  name: "ADV-2008-2022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2022/references",
               },
               {
                  name: "MS08-040",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
               },
               {
                  name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
               },
               {
                  name: "TA08-190A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
               },
               {
                  name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-07-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "1020441",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020441",
            },
            {
               name: "oval:org.mitre.oval:def:14052",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052",
            },
            {
               name: "30970",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30970",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
            },
            {
               name: "ADV-2008-2022",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2022/references",
            },
            {
               name: "MS08-040",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
            },
            {
               name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            },
            {
               name: "TA08-190A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
            },
            {
               name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2008-0086",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1020441",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020441",
                  },
                  {
                     name: "oval:org.mitre.oval:def:14052",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052",
                  },
                  {
                     name: "30970",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30970",
                  },
                  {
                     name: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
                  },
                  {
                     name: "ADV-2008-2022",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2022/references",
                  },
                  {
                     name: "MS08-040",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
                  },
                  {
                     name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
                  },
                  {
                     name: "TA08-190A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
                  },
                  {
                     name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2008-0086",
      datePublished: "2008-07-08T23:00:00",
      dateReserved: "2008-01-03T00:00:00",
      dateUpdated: "2024-08-07T07:32:23.907Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
References
secure@microsoft.comhttp://secunia.com/advisories/30970
secure@microsoft.comhttp://www.securityfocus.com/archive/1/494082/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/516397/100/0/threaded
secure@microsoft.comhttp://www.securitytracker.com/id?1020441
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-190A.htmlUS Government Resource
secure@microsoft.comhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html
secure@microsoft.comhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2022/references
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30970
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494082/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020441
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-190A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2022/references
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "12788D78-4334-4A8A-9841-3DD894FDED50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "7910EDCF-376B-462A-996D-782C27E7322A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de búfer en SQL Server 2005 SP1 y SP2, y 2005 Express Edition SP1 y SP2, de Microsoft, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de una sentencia insert diseñada.",
      },
   ],
   id: "CVE-2008-0106",
   lastModified: "2024-11-21T00:41:11.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-07-08T23:41:00.000",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://secunia.com/advisories/30970",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id?1020441",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vupen.com/english/advisories/2008/2022/references",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
      },
      {
         source: "secure@microsoft.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30970",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020441",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2022/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References
secure@microsoft.comhttp://secunia.com/advisories/30970
secure@microsoft.comhttp://www.securityfocus.com/archive/1/494082/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/516397/100/0/threaded
secure@microsoft.comhttp://www.securitytracker.com/id?1020441
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA08-190A.htmlUS Government Resource
secure@microsoft.comhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html
secure@microsoft.comhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secure@microsoft.comhttp://www.vupen.com/english/advisories/2008/2022/references
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30970
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494082/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020441
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-190A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2022/references
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "12788D78-4334-4A8A-9841-3DD894FDED50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "7910EDCF-376B-462A-996D-782C27E7322A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.",
      },
      {
         lang: "es",
         value: "Un desbordamiento de búfer en la función convert en SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4 y 2000 Desktop Engine (WMSDE), de Microsoft, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de una expresión SQL diseñada.",
      },
   ],
   id: "CVE-2008-0086",
   lastModified: "2024-11-21T00:41:08.263",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-07-08T23:41:00.000",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://secunia.com/advisories/30970",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id?1020441",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.vupen.com/english/advisories/2008/2022/references",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
      },
      {
         source: "secure@microsoft.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30970",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020441",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2022/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}