CVE-2008-0106

2008-07-0823:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0106

buffer overflow

microsoft sql server

remote code execution

nvd

6.8 Medium

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.5%

JSON

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

CPENameOperatorVersion
microsoft:sql_server_desktop_enginemicrosoft sql server desktop engineeq2000
microsoft:sql_server_express_editionmicrosoft sql server express editioneq2005
microsoft:sql_servermicrosoft sql servereq7.0
microsoft:sql_servermicrosoft sql servereq2005
microsoft:data_enginemicrosoft data engineeq1.0
microsoft:sql_servermicrosoft sql servereq2000

CPE	Name	Operator	Version
microsoft:sql_server_desktop_engine	microsoft sql server desktop engine	eq	2000
microsoft:sql_server_express_edition	microsoft sql server express edition	eq	2005
microsoft:sql_server	microsoft sql server	eq	7.0
microsoft:sql_server	microsoft sql server	eq	2005
microsoft:data_engine	microsoft data engine	eq	1.0
microsoft:sql_server	microsoft sql server	eq	2000