CVE-2008-0085
Microsoft SQL Server Memory Page Reuse Information Exposure
Title source: llmDescription
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020441
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30970
Third Party Advisory x_refsource_confirm
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2022/references
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
Patch, Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Scores
EPSS
0.1068
EPSS Percentile
95.3%
Details
CWE
CWE-200
Status
published
Products (7)
microsoft/data_engine
1.0 sp4
microsoft/sql_server
7.0 sp4
microsoft/sql_server
2000 sp4 (2 CPE variants)
microsoft/sql_server
2005 sp1 (8 CPE variants)
microsoft/sql_server_desktop_engine
2000 sp4
microsoft/wmsde
2000
microsoft/wyukon
(2 CPE variants)
Published
Jul 08, 2008
Tracked Since
Feb 18, 2026