CVE-2008-0085

2008-07-0823:41:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-0085

sql server

microsoft

database security

memory management

information disclosure

6.3 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.02 Low

EPSS

Percentile

88.9%

JSON

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

CPENameOperatorVersion
microsoft:sql_servermicrosoft sql servereq2005
microsoft:sql_server_desktop_enginemicrosoft sql server desktop engineeq2000
microsoft:sql_servermicrosoft sql servereq7.0
microsoft:data_enginemicrosoft data engineeq1.0
microsoft:sql_servermicrosoft sql servereq2000
microsoft:wmsdemicrosoft wmsdeeq2000
microsoft:wyukonmicrosoft wyukoneq*

CPE	Name	Operator	Version
microsoft:sql_server	microsoft sql server	eq	2005
microsoft:sql_server_desktop_engine	microsoft sql server desktop engine	eq	2000
microsoft:sql_server	microsoft sql server	eq	7.0
microsoft:data_engine	microsoft data engine	eq	1.0
microsoft:sql_server	microsoft sql server	eq	2000
microsoft:wmsde	microsoft wmsde	eq	2000
microsoft:wyukon	microsoft wyukon	eq	*