9
CVE-2008-0107
- EPSS 34.54%
- Veröffentlicht 08.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:48:57
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Data Engine Version1.0 Updatesp4
Microsoft ≫ Sql Server Version7.0 Updatesp4
Microsoft ≫ Sql Server Version2000 Updatesp4
Microsoft ≫ Sql Server Version2000 Updatesp4 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp1
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionexpress
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionx64
Microsoft ≫ Sql Server Version2005 Updatesp2
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionexpress
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionx64
Microsoft ≫ Sql Server Desktop Engine Version2000 Updatesp4
Microsoft ≫ Windows Server 2008 Editionx32
Microsoft ≫ Windows Server 2008 Editionx64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.54% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
http://secunia.com/advisories/30970
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securitytracker.com/id?1020441
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2008/2022/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
http://www.securityfocus.com/archive/1/494082/100/0/threaded
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723
http://www.insomniasec.com/advisories/ISVA-080709.1.htm
http://www.securityfocus.com/bid/30119
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936