9
CVE-2008-0107
- EPSS 57.27%
- Published 08.07.2008 23:41:00
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Data Engine Version1.0 Updatesp4
Microsoft ≫ Sql Server Version7.0 Updatesp4
Microsoft ≫ Sql Server Version2000 Updatesp4
Microsoft ≫ Sql Server Version2000 Updatesp4 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp1
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionexpress
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp1 Editionx64
Microsoft ≫ Sql Server Version2005 Updatesp2
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionexpress
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionitanium
Microsoft ≫ Sql Server Version2005 Updatesp2 Editionx64
Microsoft ≫ Sql Server Desktop Engine Version2000 Updatesp4
Microsoft ≫ Windows Server 2008 Editionx32
Microsoft ≫ Windows Server 2008 Editionx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 57.27% | 0.979 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|