CVE-2008-0086
Microsoft SQL Server 2000 SP4 and MSDE 2000 SP4 - Authenticated Buffer Overflow via Crafted SQL Expression
Title source: llmDescription
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052
Vendor Advisory x_refsource_confirm
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494082/100/0/threaded
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020441
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30970
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2022/references
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Scores
EPSS
0.6193
EPSS Percentile
99.1%
Details
CWE
CWE-119
Status
published
Products (6)
microsoft/data_engine
1.0 sp4
microsoft/sql_server
7.0 sp4
microsoft/sql_server
2000 sp4
microsoft/sql_server
2005 sp2
microsoft/sql_server_desktop_engine
2000 sp4
microsoft/sql_server_express_edition
2005 sp2
Published
Jul 08, 2008
Tracked Since
Feb 18, 2026