[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-0086

Date: (C)2008-07-08   (M)2017-10-04 


Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

CVSS Score: 9.0Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 10.0Authentication: SINGLE_INSTANCE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1020441
http://www.securityfocus.com/archive/1/archive/1/494082/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
SECUNIA-30970
ADV-2008-2022
IAVM:2011-A-0066
MS08-040
TA08-190A
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

CPE    3
cpe:/a:microsoft:sql_server:2005:sp2
cpe:/a:microsoft:sql_server:2000:sp4
cpe:/a:microsoft:sql_server:7.0:sp4
CWE    1
CWE-119
OVAL    2
oval:org.mitre.oval:def:14052
oval:org.secpod.oval:def:3185

© 2013 SecPod Technologies