CVE-2008-0107

Description

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."

Related CPE's

amicrosoftsql_server2005sp1******

amicrosoftsql_server2005sp1itanium*****

amicrosoftsql_server_desktop_engine2000sp4******

amicrosoftsql_server2005sp1x64*****

amicrosoftsql_server2005sp1express*****

amicrosoftsql_server7.0sp4******

amicrosoftsql_server2005sp2******

amicrosoftsql_server2000sp4itanium*****

amicrosoftdata_engine1.0sp4******

amicrosoftsql_server2005sp2itanium*****

References

http://www.insomniasec.com/advisories/ISVA-080709.1.htm

TA08-190A

US Government Resource

20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability

1020441

30970

Vendor Advisory

30119

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

ADV-2008-2022

Vendor Advisory

oval:org.mitre.oval:def:13936

MS08-040

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:S/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

SINGLE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9

Created by Yello
About Severity.io