Buffer Overflow Vulnerability in Microsoft SQL Server 2000 and MSDE 2000
CVE-2008-0086

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server Desktop Engine; Sql Server Express Edition; Sql Server; Data Engine
Vendor: CVE Published:; 8 July 2008

Summary

A buffer overflow vulnerability exists in a specific function within Microsoft SQL Server 2000 and its Desktop Engine variants, allowing remote authenticated users to craft malicious SQL expressions. Exploiting this vulnerability can lead to arbitrary code execution, posing significant risks to database integrity and server security.

References

http://www.securitytracker.com/id?1020441

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/30970

third-party-advisoryx_refsource_SECUNIA

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2008
Vulnerability Reserved
Jan 3, 2008