Search criteria
6 vulnerabilities found for sql_server_express_edition by microsoft
FKIE_CVE-2008-0086
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2026-04-23 00:35
Severity
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | sql_server_express_edition | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funci\u00f3n convert en SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4 y 2000 Desktop Engine (WMSDE), de Microsoft, permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de una expresi\u00f3n SQL dise\u00f1ada."
}
],
"id": "CVE-2008-0086",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0106
Vulnerability from fkie_nvd - Published: 2008-07-08 23:41 - Updated: 2026-04-23 00:35
Severity
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | data_engine | 1.0 | |
| microsoft | sql_server | 7.0 | |
| microsoft | sql_server | 2000 | |
| microsoft | sql_server | 2005 | |
| microsoft | sql_server_desktop_engine | 2000 | |
| microsoft | sql_server_express_edition | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "12788D78-4334-4A8A-9841-3DD894FDED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "A7A5116E-BD37-4539-B815-F1B70EC4D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*",
"matchCriteriaId": "7910EDCF-376B-462A-996D-782C27E7322A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7E9E6FCD-B64C-4BA5-BD11-5659B61D74BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en SQL Server 2005 SP1 y SP2, y 2005 Express Edition SP1 y SP2, de Microsoft, permite a usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de una sentencia insert dise\u00f1ada."
}
],
"id": "CVE-2008-0106",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-08T23:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-0106 (GCVE-0-2008-0106)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020441 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/30970 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2022… | vdb-entryx_refsource_VUPEN |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/archive/1/494082/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisoryx_refsource_CERT |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2008-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0106",
"datePublished": "2008-07-08T23:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0086 (GCVE-0-2008-0086)
Vulnerability from nvd – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020441 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/30970 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2022… | vdb-entryx_refsource_VUPEN |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/archive/1/494082/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisoryx_refsource_CERT |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0086",
"datePublished": "2008-07-08T23:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0106 (GCVE-0-2008-0106)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI
Summary
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020441 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/30970 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2022… | vdb-entryx_refsource_VUPEN |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/archive/1/494082/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisoryx_refsource_CERT |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2008-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0106",
"datePublished": "2008-07-08T23:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0086 (GCVE-0-2008-0086)
Vulnerability from cvelistv5 – Published: 2008-07-08 23:00 – Updated: 2024-08-07 07:32
VLAI
Summary
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020441 | vdb-entryx_refsource_SECTRACK |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://secunia.com/advisories/30970 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2022… | vdb-entryx_refsource_VUPEN |
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://www.securityfocus.com/archive/1/494082/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.us-cert.gov/cas/techalerts/TA08-190A.html | third-party-advisoryx_refsource_CERT |
| http://www.securityfocus.com/archive/1/516397/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020441",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020441"
},
{
"name": "oval:org.mitre.oval:def:14052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052"
},
{
"name": "30970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30970"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "ADV-2008-2022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2022/references"
},
{
"name": "MS08-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
},
{
"name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-0086",
"datePublished": "2008-07-08T23:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}