Vulnerabilites related to microsoft - sql_server_express_edition
cve-2008-0106
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1020441 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/30970 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/2022/references | vdb-entry, x_refsource_VUPEN | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040 | vendor-advisory, x_refsource_MS | |
http://www.securityfocus.com/archive/1/494082/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vmware.com/security/advisories/VMSA-2011-0003.html | x_refsource_CONFIRM | |
http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisory, x_refsource_CERT | |
http://www.securityfocus.com/archive/1/516397/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:32:24.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1020441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020441", }, { name: "30970", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30970", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { name: "oval:org.mitre.oval:def:13785", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-08T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1020441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020441", }, { name: "30970", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30970", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { name: "oval:org.mitre.oval:def:13785", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2008-0106", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1020441", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020441", }, { name: "30970", refsource: "SECUNIA", url: "http://secunia.com/advisories/30970", }, { name: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", refsource: "CONFIRM", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { name: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { name: "oval:org.mitre.oval:def:13785", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2008-0106", datePublished: "2008-07-08T23:00:00", dateReserved: "2008-01-07T00:00:00", dateUpdated: "2024-08-07T07:32:24.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-0086
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1020441 | vdb-entry, x_refsource_SECTRACK | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/30970 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/2022/references | vdb-entry, x_refsource_VUPEN | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040 | vendor-advisory, x_refsource_MS | |
http://www.securityfocus.com/archive/1/494082/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vmware.com/security/advisories/VMSA-2011-0003.html | x_refsource_CONFIRM | |
http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisory, x_refsource_CERT | |
http://www.securityfocus.com/archive/1/516397/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:32:23.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1020441", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020441", }, { name: "oval:org.mitre.oval:def:14052", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052", }, { name: "30970", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30970", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-08T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1020441", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020441", }, { name: "oval:org.mitre.oval:def:14052", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052", }, { name: "30970", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30970", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2008-0086", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1020441", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020441", }, { name: "oval:org.mitre.oval:def:14052", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052", }, { name: "30970", refsource: "SECUNIA", url: "http://secunia.com/advisories/30970", }, { name: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", refsource: "CONFIRM", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { name: "ADV-2008-2022", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { name: "MS08-040", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { name: "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { name: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { name: "TA08-190A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { name: "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2008-0086", datePublished: "2008-07-08T23:00:00", dateReserved: "2008-01-03T00:00:00", dateUpdated: "2024-08-07T07:32:23.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | data_engine | 1.0 | |
microsoft | sql_server | 7.0 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2005 | |
microsoft | sql_server_desktop_engine | 2000 | |
microsoft | sql_server_express_edition | 2005 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*", matchCriteriaId: "12788D78-4334-4A8A-9841-3DD894FDED50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*", matchCriteriaId: "54EB3111-B93A-4577-9592-0D13FE7FD2C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*", matchCriteriaId: "A7A5116E-BD37-4539-B815-F1B70EC4D45D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*", matchCriteriaId: "26423C70-4475-4D7E-8CC0-D8CFADE16B26", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*", matchCriteriaId: "7910EDCF-376B-462A-996D-782C27E7322A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*", matchCriteriaId: "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.", }, { lang: "es", value: "Un desbordamiento de búfer en SQL Server 2005 SP1 y SP2, y 2005 Express Edition SP1 y SP2, de Microsoft, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de una sentencia insert diseñada.", }, ], id: "CVE-2008-0106", lastModified: "2024-11-21T00:41:11.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-08T23:41:00.000", references: [ { source: "secure@microsoft.com", url: "http://secunia.com/advisories/30970", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id?1020441", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { source: "secure@microsoft.com", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { source: "secure@microsoft.com", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { source: "secure@microsoft.com", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30970", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | data_engine | 1.0 | |
microsoft | sql_server | 7.0 | |
microsoft | sql_server | 2000 | |
microsoft | sql_server | 2005 | |
microsoft | sql_server_desktop_engine | 2000 | |
microsoft | sql_server_express_edition | 2005 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*", matchCriteriaId: "12788D78-4334-4A8A-9841-3DD894FDED50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*", matchCriteriaId: "54EB3111-B93A-4577-9592-0D13FE7FD2C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*", matchCriteriaId: "A7A5116E-BD37-4539-B815-F1B70EC4D45D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*", matchCriteriaId: "26423C70-4475-4D7E-8CC0-D8CFADE16B26", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*", matchCriteriaId: "7910EDCF-376B-462A-996D-782C27E7322A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*", matchCriteriaId: "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.", }, { lang: "es", value: "Un desbordamiento de búfer en la función convert en SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4 y 2000 Desktop Engine (WMSDE), de Microsoft, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de una expresión SQL diseñada.", }, ], id: "CVE-2008-0086", lastModified: "2024-11-21T00:41:08.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-08T23:41:00.000", references: [ { source: "secure@microsoft.com", url: "http://secunia.com/advisories/30970", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id?1020441", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { source: "secure@microsoft.com", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { source: "secure@microsoft.com", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { source: "secure@microsoft.com", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30970", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/494082/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/516397/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-190A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2022/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }