Heap-Based Buffer Overflow Vulnerability in Microsoft SQL Server Products
CVE-2008-0107

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Sql Server Desktop Engine; Data Engine
Vendor: CVE Published:; 8 July 2008

Summary

An integer underflow vulnerability exists in various versions of Microsoft SQL Server and its components, which allows remote authenticated users to exploit this flaw. By providing a specially crafted pathname for an on-disk file or stored backup file, users can trigger a heap-based buffer overflow. This vulnerability can potentially allow execution of arbitrary code, posing a significant risk to data integrity and system stability.

References

http://www.securitytracker.com/id?1020441

vdb-entryx_refsource_SECTRACK

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/advisories/30970

third-party-advisoryx_refsource_SECUNIA

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 8, 2008
Vulnerability Reserved
Jan 7, 2008