CVE-2008-0086

Microsoft SQL Server 2000 SP4 and MSDE 2000 SP4 - Authenticated Buffer Overflow via Crafted SQL Expression

Title source: llm
STIX 2.1

Description

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494082/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020441
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30970
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2022/references
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded

Scores

EPSS 0.6193
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (6)
microsoft/data_engine 1.0 sp4
microsoft/sql_server 7.0 sp4
microsoft/sql_server 2000 sp4
microsoft/sql_server 2005 sp2
microsoft/sql_server_desktop_engine 2000 sp4
microsoft/sql_server_express_edition 2005 sp2
Published Jul 08, 2008
Tracked Since Feb 18, 2026