CVE-2008-0085

Description

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

Related CPE's

amicrosoftsql_server2005sp1******

amicrosoftsql_server_desktop_engine2000sp4******

amicrosoftsql_server2005sp1express*****

amicrosoftsql_server7.0sp4******

amicrosoftsql_server2005sp2******

amicrosoftdata_engine1.0sp4******

amicrosoftsql_server2000sp4******

amicrosoftsql_server2005sp2express*****

amicrosoftsql_server2000sp4****itanium*

amicrosoftsql_server2005sp1****itanium*

References

TA08-190A

Third Party AdvisoryUS Government Resource

30970

Vendor Advisory

1020441

Third Party AdvisoryVDB Entry

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

PatchThird Party Advisory

ADV-2008-2022

Broken Link

oval:org.mitre.oval:def:14213

Third Party Advisory

MS08-040

PatchVendor Advisory

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Third Party AdvisoryVDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

5

Created by Yello
About Severity.io