CVE-2008-0085

Microsoft SQL Server Memory Page Reuse Information Exposure

Title source: llm
STIX 2.1

Description

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020441
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30970
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2022/references
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
Patch, Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded

Scores

EPSS 0.1068
EPSS Percentile 95.3%

Details

CWE
CWE-200
Status published
Products (7)
microsoft/data_engine 1.0 sp4
microsoft/sql_server 7.0 sp4
microsoft/sql_server 2000 sp4 (2 CPE variants)
microsoft/sql_server 2005 sp1 (8 CPE variants)
microsoft/sql_server_desktop_engine 2000 sp4
microsoft/wmsde 2000
microsoft/wyukon (2 CPE variants)
Published Jul 08, 2008
Tracked Since Feb 18, 2026