Memory Initialization Flaw in Microsoft SQL Server and Data Engine Products
CVE-2008-0085

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Sql Server Desktop Engine; Data Engine
Vendor: CVE Published:; 8 July 2008

Summary

A vulnerability in Microsoft SQL Server and its associated database engines, such as the Microsoft Data Engine (MSDE), arises from improper memory page initialization. This flaw allows attackers or unauthorized database operators to potentially access sensitive information by exploiting the reuse of memory pages when reallocating memory. Affected versions include SQL Server 7.0, 2000, and 2005 series, as well as MSDE 2000 SP4. This could lead to significant data exposure in environments relying on these affected versions.

References

http://www.securitytracker.com/id?1020441

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/30970

third-party-advisoryx_refsource_SECUNIA

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_re...

x_refsource_CONFIRM

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2008
Vulnerability Reserved
Jan 3, 2008