9

CVE-2008-0106

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftData Engine Version1.0 Updatesp4
MicrosoftSql Server Version7.0 Updatesp4
MicrosoftSql Server Version2000 Updatesp4
MicrosoftSql Server Version2005 Updatesp2
MicrosoftSql Server Desktop Engine Version2000 Updatesp4
MicrosoftSql Server Express Edition Version2005 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.32% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/30970
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securitytracker.com/id?1020441
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
US Government Resource
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2008/2022/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
http://www.securityfocus.com/archive/1/494082/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785