Buffer Overflow Vulnerability in Microsoft SQL Server 2005 by Microsoft
CVE-2008-0106

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server Desktop Engine; Sql Server Express Edition; Sql Server; Data Engine
Vendor: CVE Published:; 8 July 2008

What is CVE-2008-0106?

A buffer overflow vulnerability exists in Microsoft SQL Server 2005 and its Express Edition variants that allows remote authenticated users to execute arbitrary code. This is accomplished through a specially crafted insert statement, which can exploit the overflow and lead to unauthorized access and execution of arbitrary commands on the server. Proper mitigation strategies and updates are essential to safeguard against potential exploitation.

References

http://www.securitytracker.com/id?1020441

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/30970

third-party-advisoryx_refsource_SECUNIA

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_re...

x_refsource_CONFIRM

EPSS Score

72% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2008
Vulnerability Reserved
Jan 7, 2008